Description

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Remediation

References

CVE-2013-4941

Related Vulnerabilities

Apache Tomcat URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-41080)

PHP Other Vulnerability (CVE-2006-1494)

Python CVE-2020-27619 Vulnerability (CVE-2020-27619)

WordPress Plugin Request a Quote Cross-Site Scripting (2.0.0)

Apache HTTP Server Other Vulnerability (CVE-2000-0869)

Severity

Medium

Classification

CVE-2013-4941 CWE-707

Tags

Missing Update Known Vulnerabilities