access.php in the Lesson module in Moodle 2.8.x prior to 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 2.8.1 |
||
moodle moodle 2.8.0 |