A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.Referenceshttps://moodle.org/mod/forum/discuss.php?d=373371https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10891http://www.securityfocus.com/bid/104739
