CVE-2015-0216
CVE-2015-0216 : In Moodle 2.8.x, prior to 2.8.2, the Lesson module’s access.php does not set the RISK_XSS bit for graders. This allows remote authenticated users to execute cross-site scripting (XSS) via crafted essay feedback. The condition is documented in multiple sources (NVD entry with CVSSv...