Moodle is vulnerable to cross-site scripting (XSS) attacks. The library does not properly filter user input to the quiz_question_tostring
function in mod/quiz/editlib.php
, allowing a malicious user to inject and execute arbitrary HTML script.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | 2.6.1 | |
moodle/moodle | le | 2.4.8 | |
moodle/moodle | le | 2.5.4 | |
moodle/moodle | le | 2.3.11 |