Moodle is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible because the Skype ID profile field is not sanitized.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
openwall.com/lists/oss-security/2014/07/21/1
osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/
osvdb.org/show/osvdb/109337
packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html
www.exploit-db.com/exploits/34169
www.securityfocus.com/bid/68756
github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d
moodle.org/mod/forum/discuss.php?d=264265
www.exploit-db.com/exploits/34169/