CVE-2018-10891

Summary

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]moodlemoodle 3.5.1affected
[UNKNOWN]moodlemoodle 3.4.4affected
[UNKNOWN]moodlemoodle 3.3.7affected
[UNKNOWN]moodlemoodle 3.1.13affected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

References