Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Remediation
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
http://yuilibrary.com/support/20130515-vulnerability/
https://moodle.org/mod/forum/discuss.php?d=232496