Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Cryptocurrency Donation Box-Bitcoin & Crypto Donations Security Bypass (1.7)
WordPress Plugin Integration of Moneybird for WooCommerce Cross-Site Scripting (2.1.1)
MySQL CVE-2014-6478 Vulnerability (CVE-2014-6478)
WordPress Plugin Spreadsheet (wpSS) SQL Injection (0.62)
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2024-38023)