CVE 2021-36403

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.

See the CVE page on Mitre.org for more details.