Description

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Remediation

References

CVE-2013-4941

Related Vulnerabilities

WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.1.44)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.42)

WordPress Plugin MailPoet Newsletters (Previous) Cross-Site Scripting (2.6.19)

Internet Information Services Other Vulnerability (CVE-1999-0739)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23129)

Severity

Medium

Classification

CVE-2013-4941 CWE-707

Tags

Missing Update Known Vulnerabilities