http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3555 "Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424." Appears to affect 1.6.x and 1.8.x too: http://eduspaces.net/moodlenews/weblog/181794.html http://download.moodle.org/stable18/CHANGES http://download.moodle.org/stable16/CHANGES
Built 1.8.2 for rawhide, which addresses this. Will push to 7, etc after testing.
moodle-1.8.2-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.