Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. This flaw affects versions 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versions.
https://moodle.org/mod/forum/discuss.php?d=451585
Created moodle tracking bugs for this issue: Affects: epel-7 [bug 2244906] Affects: fedora-all [bug 2244907]