Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin More from Google Cross-Site Scripting (0.0.2)
SharePoint CVE-2019-1205 Vulnerability (CVE-2019-1205)
WordPress Plugin File Uploader Arbitrary File Upload (1.1)
PostgreSQL Improper Access Control Vulnerability (CVE-2016-0768)
Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33323)