Description
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ultimate Google Analytics Cross-Site Request Forgery (1.6.0)
WordPress Plugin Gallery-Flagallery Photo Portfolio Information Disclosure (4.24)
WordPress Plugin WatchTowerHQ Security Bypass (3.6.15)
WordPress Plugin Mail Queue Cross-Site Scripting (1.1)
Joomla Incorrect Authorization Vulnerability (CVE-2018-17857)