Total vulnerabilities in the database
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
Software | From | Fixed in |
---|---|---|
moodle / moodle | 2.8.1 | 2.8.1.x |
moodle / moodle | 2.8.0 | 2.8.0.x |