The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2.
{ "versions": [ { "introduced": "3.9.0" }, { "fixed": "3.9.2" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25627.json"