Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
git.moodle.org/gw?p=moodle.git;a=commit;h=fd29b2ad1c20906da00d7e523f39bc8a0358a65b
moodle.org/mod/forum/discuss.php?d=170003
openwall.com/lists/oss-security/2011/11/14/1
github.com/moodle/moodle
github.com/moodle/moodle/commit/34b93e39a64a68e4a676b93ccf2bd87a1d3b5ef8
github.com/moodle/moodle/commit/fd29b2ad1c20906da00d7e523f39bc8a0358a65b
nvd.nist.gov/vuln/detail/CVE-2011-4278