CVE-2015-0216

Name of the Vulnerable Software and Affected Versions Moodle versions 2.8.x through 2.8.1

Description The issue allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback. This is due to the failure to set the RISK XSS bit for graders in the access.php file of the Lesson module. The exploitation of this issue may enable a remote attacker to perform cross-site scripting using the feedback form.

Recommendations For Moodle versions 2.8.x through 2.8.1, update to version 2.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Lesson module's essay feedback feature until the update is applied.