moodle/moodle is vulnerable to stored cross-site scripting. The vulnerability exists in get_question_heading
function in report.php
due to lack of sanitization which allows an attacker to inject and execute arbitrary javascript.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | v3.11.6 | |
moodle/moodle | le | v3.11.6 |