China National Vulnerability Database (CNVD): CNVD-2022-86384
History: Nov 25, 2022 - 12:00 a.m.

Moodle user profile field cross-site scripting vulnerability

www.cnvd.org.cn
Tags: moodle, e-learning, software, vulnerability, cross-site scripting, user profile, arbitrary html, script code, website

EPSS: 0.001 (percentile: 44.2%)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in Moodle 3.11.0 and later, versions prior to 3.11.1, 4.0.0 and later, and versions prior to 4.0.5. The vulnerability stems from a failure to effectively sanitize user-supplied data in multiple "social" user profile fields. An attacker could use this vulnerability to inject and execute arbitrary HTML and script code in the context of a vulnerable website.