Description
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
Remediation
References
Related Vulnerabilities
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1806)
WordPress Plugin WooCommerce Weight Based Shipping Cross-Site Request Forgery (5.4.1)
WordPress Plugin Premium Addons for Elementor Cross-Site Scripting (3.7.2)
Mailman Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-44227)