Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Remediation
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
http://yuilibrary.com/support/20130515-vulnerability/
https://moodle.org/mod/forum/discuss.php?d=232496
Related Vulnerabilities
CVE-2020-8176 Vulnerability in npm package koa-shopify-auth
CVE-2023-26491 Vulnerability in npm package rsshub
CVE-2021-23566 Vulnerability in npm package nanoid
CVE-2023-29210 Vulnerability in maven package org.xwiki.platform:xwiki-platform-notifications-ui
CVE-2018-11786 Vulnerability in maven package org.apache.karaf.shell:org.apache.karaf.shell.core