A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter. https://gist.github.com/fir3storm/f9c7f3ec1a6496498517ed216d2640b2
Created moodle tracking bugs for this issue: Affects: epel-all [bug 2270862] Affects: fedora-all [bug 2270861]