The course upload preview contained an XSS risk for users uploading unsafe data. This flaw affects versions 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versions.
https://moodle.org/mod/forum/discuss.php?d=451588
Created moodle tracking bugs for this issue: Affects: epel-7 [bug 2244915] Affects: fedora-all [bug 2244916]