Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.
2016-02-22T05:59:14.530
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 5.4 (MEDIUM)
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.8
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | moodle | moodle | ≤ 2.6.11 | Yes |
| Application | moodle | moodle | 2.7.0 | Yes |
| Application | moodle | moodle | 2.7.1 | Yes |
| Application | moodle | moodle | 2.7.2 | Yes |
| Application | moodle | moodle | 2.7.3 | Yes |
| Application | moodle | moodle | 2.7.4 | Yes |
| Application | moodle | moodle | 2.7.5 | Yes |
| Application | moodle | moodle | 2.7.6 | Yes |
| Application | moodle | moodle | 2.7.7 | Yes |
| Application | moodle | moodle | 2.7.8 | Yes |
| Application | moodle | moodle | 2.7.9 | Yes |
| Application | moodle | moodle | 2.7.10 | Yes |
| Application | moodle | moodle | 2.8.0 | Yes |
| Application | moodle | moodle | 2.8.1 | Yes |
| Application | moodle | moodle | 2.8.2 | Yes |
| Application | moodle | moodle | 2.8.3 | Yes |
| Application | moodle | moodle | 2.8.4 | Yes |
| Application | moodle | moodle | 2.8.5 | Yes |
| Application | moodle | moodle | 2.8.6 | Yes |
| Application | moodle | moodle | 2.8.7 | Yes |
| Application | moodle | moodle | 2.8.8 | Yes |
| Application | moodle | moodle | 2.9.0 | Yes |
| Application | moodle | moodle | 2.9.1 | Yes |
| Application | moodle | moodle | 2.9.2 | Yes |