Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Remediation
References
https://moodle.org/mod/forum/discuss.php?d=232496
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
http://yuilibrary.com/support/20130515-vulnerability/