Moodle is susceptible to arbitrary web script or HTML injection attacks. The attacks can be triggered because repository renaming setting for administrator is not filtered, allowing authenticated administrators to inject the arbitrary script through it.
git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808
openwall.com/lists/oss-security/2012/07/17/1
secunia.com/advisories/49890
www.securityfocus.com/bid/54481
exchange.xforce.ibmcloud.com/vulnerabilities/76959
git.moodle.org/gw?p=moodle.git;a=commit;h=217926aaa14fb672e8eb2c660637cca87dfbf402