Description
Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2006-0266 Vulnerability (CVE-2006-0266)
MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2006-3469)
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3923)
Internet Information Services Other Vulnerability (CVE-2001-0096)