Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
openwall.com/lists/oss-security/2014/11/17/11
www.securitytracker.com/id/1031215
github.com/moodle/moodle
github.com/moodle/moodle/commit/7bb6b84cfd308bad89dc0c3f95ad2fa55b7d25f8
github.com/moodle/moodle/commit/8bf49b7377438a7f259750e2f076c612c0a5d84e
github.com/moodle/moodle/commit/b7f75a9c05c65fb1d2f6391f5dd852f9e923a183
github.com/moodle/moodle/commit/c6b6e5decee4c452b8667f82d7c64f137b687d7c
moodle.org/mod/forum/discuss.php?d=275147
nvd.nist.gov/vuln/detail/CVE-2014-7830
web.archive.org/web/20200228175348/www.securityfocus.com/bid/71119