at the moment we are a running Moodle site, which is hosted by
Chinese partner because of joint venture with our company.
Now the Chinese Operator threatened to close down our site,
because according to his scanner the search.php in combination
with "mouseover" there could be a css - attack. I attached a
screenshot with the scan output. However, I can't figure out
what is a risk here and more important how to fix it.
I don't know wether, it is a real moodle bug. I need a fix, hack or so
in order to keep the scanner silent here...
Can you get me started on how to do that ?