Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.Referenceshttp://www.securityfocus.com/bid/100867https://moodle.org/mod/forum/discuss.php?d=358585
