Description

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.

Remediation

References

CVE-2018-10891

Related Vulnerabilities

PrestaShop Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-13461)

WordPress Plugin WP Visitor Statistics (Real Time Traffic) Unspecified Vulnerability (4.8)

Python Resource Management Errors Vulnerability (CVE-2012-0845)

WordPress Plugin open-flash-chart-core Remote Code Execution (0.4)

Serendipity Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2006-6242)

Severity

High

Classification

CVE-2018-10891 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities