Description
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
Remediation
References