Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Concours Cross-Site Scripting (1.1)
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4225)
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8114)
PrestaShop Incorrect Authorization Vulnerability (CVE-2020-5288)
WordPress Plugin WordPress Download Manager Cross-Site Request Forgery (2.8.99)