Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Remediation
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
http://yuilibrary.com/support/20130515-vulnerability/
https://moodle.org/mod/forum/discuss.php?d=232496
Related Vulnerabilities
CVE-2023-35155 Vulnerability in maven package org.xwiki.platform:xwiki-platform-sharepage-api
CVE-2023-32986 Vulnerability in maven package io.jenkins.plugins:file-parameters
CVE-2022-35942 Vulnerability in npm package loopback-connector-postgresql
CVE-2023-40348 Vulnerability in maven package org.jenkins-ci.plugins:gogs-webhook
CVE-2017-16008 Vulnerability in maven package org.webjars.bower:i18next