moodle/moodle is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript in a user’s browser by storing malicious code when renaming content bank items, which would render when a victim views the bank items.
bugzilla.redhat.com/show_bug.cgi?id=1895437
git.moodle.org/gw?p=moodle.git;a=commit;h=66be08216e647532b295a9132070d2435ecd7ad9
lists.fedoraproject.org/archives/list/[email protected]/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU/
lists.fedoraproject.org/archives/list/[email protected]/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6/
moodle.org/mod/forum/discuss.php?d=413940