CVE 2020-1691

In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.

See the CVE page on Mitre.org for more details.