A vulnerability was found in moodle 3.7 prior to 3.7.3, where there is blind XSS reflected in some locations where user email is displayed.
moodle moodle