The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2. Reference: https://moodle.org/mod/forum/discuss.php?d=410839
External References: https://moodle.org/mod/forum/discuss.php?d=410839
Fedora 33 has 3.9.3, no release has an impacted version.