Version 4.6.3 fixes a possible xss injection
The Kajona Team just pushed version 4.6.3 of module system to the package-servers. The patch-update fixes a possible xss injection in the backend (SROEADV-2015-01).
Even if the injection is possible for logged-in users only, we strongly advise all users to upgrade their systems using the built in package management.