Description
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
Remediation
References