Moodle is vulnerable to cross-site scripting(XSS) attacks. The attacks are possible because the application does not use the RISK_XSS
flag in mod/quiz/db/access.php
, allowing attackers to use this loophole when providing gradebook feedback for manual quiz grading.