Oliveira Lima

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.8.x through 2.8.9 Moodle versions 2.9.x through 2.9.3 Moodle versions 3.0.x through 3.0.1 **Description** A cross-site scripting (XSS) issue exists due to insufficient protection of the web page structure. This allows remote attackers to inject arbitrary web script or HTML via a crafted search string. **Recommendations** For Moodle versions 2.8.x through 2.8.9, update to version 2.8.10 or later. For Moodle versions 2.9.x through 2.9.3, update to version 2.9.4 or later. For Moodle versions 3.0.x through 3.0.1, update to version 3.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** Zabbix versions 2.2 through 2.2.21rc1 Zabbix versions 3.0 through 3.0.13rc1 Zabbix versions 3.1.x through 3.2.10rc1 Zabbix versions 3.3.x through 3.4.4rc1 **Description** The issue allows for an open redirect via the `request` parameter. This can potentially be exploited by attackers to redirect users to malicious websites. **Recommendations** For Zabbix versions 2.2 through 2.2.21rc1, update to version 2.2.21rc1 or later. For Zabbix versions 3.0 through 3.0.13rc1, update to version 3.0.13rc1 or later. For Zabbix versions 3.1.x through 3.2.10rc1, update to version 3.2.10rc1 or later. For Zabbix versions 3.3.x through 3.4.4rc1, update to version 3.4.4rc1 or later. As a temporary workaround, consider restricting access to the vulnerable parameter `request` until a patch is available.