moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the col_fullname
function in token_table.php
because the identity fields are not properly escaped which allows an attacker to inject and execute arbitrary JavaScript in the browser.