Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Remediation
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
http://yuilibrary.com/support/20130515-vulnerability/
https://moodle.org/mod/forum/discuss.php?d=232496
Related Vulnerabilities
CVE-2023-44487 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2014-7810 Vulnerability in maven package org.apache.tomcat:el-api
CVE-2022-21144 Vulnerability in npm package libxmljs
CVE-2022-25901 Vulnerability in maven package org.webjars.npm:cookiejar
CVE-2020-1954 Vulnerability in maven package org.apache.cxf:cxf-rt-management