In Moodle 3.x, XSS can occur via evidence of prior learning.
github.com/moodle/moodle
github.com/moodle/moodle/commit/ac40d8b589820929fe4201a3f0640414e2b9dabd
moodle.org/mod/forum/discuss.php?d=349421
nvd.nist.gov/vuln/detail/CVE-2017-2644
web.archive.org/web/20210124004851/www.securityfocus.com/bid/96979
web.archive.org/web/20210227004858/www.securitytracker.com/id/1038174