|Topic:||XSS vulnerability in YUI 2.4.0 through YUI 2.8.1|
|Versions affected:||< 1.9.10|
|Reported and coordinated by:||YUI development team|
|Solution:||upgrade to Moodle 1.9.10 or replace the following vulnerable files as described in the linked YUI support document
Moodle 1.9.9 or older include YUI library 2.6.0 which is one of the vulnerable versions described in http://yuilibrary.com/support/2.8.2/, this makes all older versions of Moodle 1.9.x vulnerable.