Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940
github.com/moodle/moodle
github.com/moodle/moodle/commit/12c232df76885effa5ebac08e3094d6db5aa9223
github.com/moodle/moodle/commit/31d0bf81af079bc285ea439ac5160f9e45697c88
github.com/moodle/moodle/commit/48d8989f13a6320c54b05f7d3ea552356cf85ed6
github.com/moodle/moodle/commit/86cec86942c1cfcb92b840afd18deed9b9a34951
github.com/moodle/moodle/commit/b4f4232e1cf76334e4b8dda9cf68962b121e6bc0
github.com/moodle/moodle/commit/f03ec4ce85b3d361429d9f66dbbb478a353640c9
github.com/moodle/moodle/commit/fd14d2902fab15fa6affecc427bb11d3869d9afe
moodle.org/mod/forum/discuss.php?d=323231
nvd.nist.gov/vuln/detail/CVE-2015-5336