Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Remediation
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
http://yuilibrary.com/support/20130515-vulnerability/
https://moodle.org/mod/forum/discuss.php?d=232496
Related Vulnerabilities
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-hbase_2-client-service
CVE-2013-2160 Vulnerability in maven package org.apache.cxf:apache-cxf
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-dao