Moodle does not set the RISK_XSS bit for graders

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISKXSS bit for graders, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted essay feedback...

Moodle Lesson Module Cross-Site Scripting Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Lesson is one of the modules for selecting courses online. A security vulnerability exists in the access.php script in the Lesson modul...

CVE-2015-0216

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISKXSS bit for graders, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted essay feedback...

CVE-2015-0216

CVE-2015-0216 : In Moodle 2.8.x, prior to 2.8.2, the Lesson module’s access.php does not set the RISK_XSS bit for graders. This allows remote authenticated users to execute cross-site scripting (XSS) via crafted essay feedback. The condition is documented in multiple sources (NVD entry with CVSSv...

CVE-2015-0216

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISKXSS bit for graders, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted essay feedback...