Moodle is vulnerable to multiple cross-site scripting (XSS) attacks. The attacks can be triggered because the file picker module does not properly handle filenames from users, allowing the attackers to upload files with filenames containing malicious code.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507
lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
openwall.com/lists/oss-security/2013/03/25/2
git.moodle.org/gw?p=moodle.git;a=commit;h=954b35451112c333c0ae77dff25dafbf41587c26
moodle.org/mod/forum/discuss.php?d=225344