Description

Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Remediation

References

CVE-2013-4942

Related Vulnerabilities

CakePHP Deserialization of Untrusted Data Vulnerability (CVE-2019-11458)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2156)

WordPress Plugin User Submitted Posts Cross-Site Scripting (20151113)

WordPress Plugin Computer Repair Shop Cross-Site Scripting (1.0)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13964)

Severity

Medium

Classification

CVE-2013-4942 CWE-707

Tags

Missing Update Known Vulnerabilities