Description
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Compfight Cross-Site Scripting (1.4)
PHP Deserialization of Untrusted Data Vulnerability (CVE-2018-19396)
MediaWiki Improper Access Control Vulnerability (CVE-2015-8627)
WordPress Plugin wpForo Forum Cross-Site Scripting (1.4.11)
Magento Improper Input Validation Vulnerability (CVE-2022-42344)