Public CVE-2021-36397 disclosure

In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.