High severityNVD Advisory· Published Jul 10, 2018· Updated Aug 5, 2024
CVE-2018-10891
CVE-2018-10891
Description
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 3.5.0, < 3.5.1 | 3.5.1 |
moodle/moodlePackagist | >= 3.4.0, < 3.4.4 | 3.4.4 |
moodle/moodlePackagist | >= 3.3.0, < 3.3.7 | 3.3.7 |
moodle/moodlePackagist | >= 3.2.0, < 3.2.10 | 3.2.10 |
moodle/moodlePackagist | >= 3.1.0, < 3.1.13 | 3.1.13 |
Affected products
1Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-p7v9-gjrh-563xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-10891ghsaADVISORY
- www.securityfocus.com/bid/104739mitrevdb-entryx_refsource_BID
- bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
- github.com/moodle/moodle/commit/0b18d0c960c27994dd9870d286f2da3fa5868c06ghsaWEB
- moodle.org/mod/forum/discuss.phpghsax_refsource_CONFIRMWEB
- web.archive.org/web/20210124185945/https://www.securityfocus.com/bid/104739ghsaWEB
News mentions
0No linked articles in our index yet.