Public CVE-2021-36401 disclosure

In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.