Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364
openwall.com/lists/oss-security/2015/03/16/1
github.com/moodle/moodle
github.com/moodle/moodle/commit/71aeb8a9cb4cf06f0b4aa49daf527e5c866db30e
github.com/moodle/moodle/commit/8b6fcfa958204c6f26c410b9a9757612b326b6c7
github.com/moodle/moodle/commit/ceab40d186e241a9c239392954c6afdc3e2c3a4f
github.com/moodle/moodle/commit/f1fb96b698876bece46e8606b3c6c78889265e2b
moodle.org/mod/forum/discuss.php?d=307387
nvd.nist.gov/vuln/detail/CVE-2015-2273