moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to insufficient sanitization of user-supplied data in specific returnurl
parameters; a remote attacker can trick a victim to follow a specially crafted link resulting in the execution of arbitrary HTML and JavaScript code in the user’s browser.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810
bugzilla.redhat.com/show_bug.cgi?id=2162526
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810
github.com/advisories/GHSA-97qf-pq7x-964m
github.com/moodle/moodle/commit/261fe42c055eddfc59a82743d738f08622cd3a02
github.com/moodle/moodle/commit/2ea89b98a75b79144ebe482c6b74b5e32658ff64
github.com/moodle/moodle/commit/312318201b426f7b1f63bbfc03e3c950d496e854
github.com/moodle/moodle/commit/799f7fb18f1ddccbe08faa98882c1552c5cce264
moodle.org/mod/forum/discuss.php?d=443272#p1782021