Moodle versions 2.3.9 and below and 2.4.6 suffer from a javascript insertion vulnerability that allows for the addition of an RSS blog…. Moodle versions 2.3.9 and below and 2.4.6 suffer from a javascript insertion vulnerability that allows for the addition of an RSS blog.

Read more http://packetstormsecurity.com/files/123150/moodle-inject.txt