Ciaran Mcnally

**Name of the Vulnerable Software and Affected Versions** DotNetNuke (DNN) versions prior to 8.0.1 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the user-profile biography section. This allows remote authenticated users to inject arbitrary web script or HTML via a crafted `onclick` attribute in an `IMG` element. **Recommendations** For versions prior to 8.0.1, update to version 8.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the user-profile biography section until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.2.11 Moodle versions 2.3.x before 2.3.9 Moodle versions 2.4.x before 2.4.6 Moodle versions 2.5.x before 2.5.2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 2.2.11, update to version 2.2.11 or later. For versions 2.3.x before 2.3.9, update to version 2.3.9 or later. For versions 2.4.x before 2.4.6, update to version 2.4.6 or later. For versions 2.5.x before 2.5.2, update to version 2.5.2 or later.