moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient escaping of calendar event titles, leading to a stored XSS risk in the event deletion prompt.
github.com/advisories/GHSA-p5cg-6rfr-6mx8
github.com/moodle/moodle/commit/3048a162cb62ed929e7001b33a2a2d28ff62eafb
github.com/moodle/moodle/commit/891e9994b45e4a2841539e556586dd066026a259
github.com/moodle/moodle/commit/df42e007ce83a05e7fdd7c94d700231cf1f66b97
lists.fedoraproject.org/archives/list/[email protected]/message/F7AZYR7EXV6E5SQE2GYTNQE3NOENJCQ6/
lists.fedoraproject.org/archives/list/[email protected]/message/GHTIX55J4Q4LEOMLNEA4OZSWVEENQX7E/
moodle.org/mod/forum/discuss.php?d=459499