Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Remediation
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
http://yuilibrary.com/support/20130515-vulnerability/
https://moodle.org/mod/forum/discuss.php?d=232496
Related Vulnerabilities
CVE-2017-5653 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-xml
CVE-2016-10735 Vulnerability in maven package org.webjars.bowergithub.angular-ui:bootstrap
CVE-2016-10703 Vulnerability in maven package org.webjars.npm:ecstatic
CVE-2021-21409 Vulnerability in maven package io.netty:netty-codec-http2
CVE-2023-32261 Vulnerability in maven package org.jenkins-ci.plugins:dimensionsscm