Moodle · Moodle · CVE-2021-36402
**Name of the Vulnerable Software and Affected Versions**
Moodle versions prior to 3.9.8
Moodle versions prior to 3.10.5
Moodle versions prior to 3.11.1
**Description**
The issue stems from insufficient input validation in Moodle, which may allow a remote attacker to obtain confidential information. Specifically, users' names were not sanitized enough before being placed in the account confirmation email, which created a self-registration phishing risk.
**Recommendations**
For versions prior to 3.9.8, update to version 3.9.8 or later to resolve the issue.
For versions prior to 3.10.5, update to version 3.10.5 or later to resolve the issue.
For versions prior to 3.11.1, update to version 3.11.1 or later to resolve the issue.
As a temporary workaround, consider implementing additional sanitizing for users' names in the account confirmation email to prevent self-registration phishing risks.
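
One way to apply the workaround above, as an added example that is not Moodle code or the upstream fix: a hypothetical helper, `sanitize_name_for_email()`, reduces a self-registered name to plain text before it is interpolated into the confirmation email. The sample names and the 60-character cap are constructed assumptions.

```php
<?php
// Added example: sanitize_name_for_email() is a hypothetical helper,
// not a Moodle API and not the upstream patch.

/**
 * Reduce a self-registered name field to plain text before it is
 * interpolated into the account confirmation email.
 */
function sanitize_name_for_email(string $name, int $maxlen = 60): string {
    // 1. Drop markup, then decode entities so encoded characters such as
    //    "&#47;" are seen by the allowlist below.
    $name = html_entity_decode(strip_tags($name), ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // 2. Allowlist: letters, combining marks, digits, space, apostrophe,
    //    hyphen and period. This removes ":", "/", "@", "<", ">" and all
    //    control characters, including CR and LF. Invalid UTF-8 makes
    //    preg_replace() return null, so the name fails closed to ''.
    $name = preg_replace('/[^\p{L}\p{M}\p{N} .\'-]+/u', ' ', $name) ?? '';

    // 3. A period may only end a word. "evil.example" becomes
    //    "evil. example", which mail clients do not auto-link, while
    //    initials such as "J.R.R." stay readable.
    $name = preg_replace('/\.(?=\S)/u', '. ', $name) ?? '';

    // 4. Collapse whitespace and cap the length so the field cannot carry
    //    a paragraph of text. mb_substr() needs the mbstring extension.
    $name = trim(preg_replace('/\s+/u', ' ', $name) ?? '');
    return mb_substr($name, 0, $maxlen, 'UTF-8');
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    "Anne-Marie O'Neil",
    'J.R.R. Tolkien',
    'Alice <a href="https://phish.example/login">verify here</a>',
    "Bob\r\nYour account is locked: www.phish.example",
    'Eve &#104;ttp:&#47;&#47;phish.example',
];

foreach ($samples as $raw) {
    printf("%-45s => %s\n", json_encode($raw), sanitize_name_for_email($raw));
}
```

Free-form words still pass through this filter, so the length cap is what limits how much text a name can carry. If the email also has an HTML part, the result still needs `htmlspecialchars()` at the point where it is rendered.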