Moodle is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because output from mod_data advanced search form fields values are not sanitize properly, allowing the attackers to target users with higher permissions to click a link through this loophole.