Description
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
Remediation
References