jumpto.php in Moodle 1.5.2 allows remote malicious users to redirect users to other sites via the jump parameter.
moodle moodle 1.5.2