Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16023
http://securitytracker.com/id?1010008