Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading
implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before
2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote
authenticated users to inject arbitrary web script or HTML via a crafted
(1) qualification or (2) rating field in a rubric.