Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2015-0212

Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9 2.6.x before 2.6.7 2.7.x before 2.7.4 and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.