1 matches found
UBUNTU-CVE-2015-0216
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISKXSS bit for graders, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted essay feedback...