Ata Hakcil

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 3.10.1 Moodle versions prior to 3.9.4 Moodle versions prior to 3.8.7 Moodle versions prior to 3.5.16 **Description** The issue is related to insufficient cleaning of user-provided data in the TeX notation filter of the Moodle virtual learning environment. This can allow a remote attacker to conduct cross-site scripting attacks. The risk of stored XSS exists if the TeX notation filter is enabled and additional sanitizing of TeX content is not performed. **Recommendations** For versions prior to 3.10.1, update to version 3.10.1 or later to resolve the issue. For versions prior to 3.9.4, update to version 3.9.4 or later to resolve the issue. For versions prior to 3.8.7, update to version 3.8.7 or later to resolve the issue. For versions prior to 3.5.16, update to version 3.5.16 or later to resolve the issue. As a temporary workaround, consider disabling the TeX notation filter until a patch is available.