moodle/moodle is vulnerable to HTML Injection. The vulnerability due to Moodle’s support for HTML code insertion within the Chat activity, which allows students to insert potentially harmful HTML elements that could lead to performance degradation.
docs.moodle.org/403/en/Using_Chat
gist.githubusercontent.com/minendie/4f23174687bc4d8eb7f727d9959b5399/raw/9ce573cebcce5521d9d6f826ab68f3780036b874/CVE-2024-28593.txt
github.com/advisories/GHSA-f6mh-79vh-2hv7
medium.com/%40lamscun/how-do-i-change-htmli-from-low-to-critical-your-email-box-is-safe-e7171efd88fe
medium.com/@lamscun/how-do-i-change-htmli-from-low-to-critical-your-email-box-is-safe-e7171efd88fe