Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Remediation
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
http://yuilibrary.com/support/20130515-vulnerability/
https://moodle.org/mod/forum/discuss.php?d=232496
Related Vulnerabilities
CVE-2010-4207 Vulnerability in maven package org.webjars:yui
CVE-2021-23419 Vulnerability in npm package open-graph
CVE-2021-21318 Vulnerability in maven package org.opencastproject:opencast-search-service-impl
CVE-2012-1833 Vulnerability in maven package org.grails:grails-plugin-controllers
CVE-2011-1088 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core