Richcfno1

**Name of the Vulnerable Software and Affected Versions** Submitty versions prior to 22.06.00 **Description** The issue allows an attacker to create a malicious link in the forum that leads to Cross Site Scripting (XSS). This can be exploited by an attacker to execute malicious scripts on the victim's browser. **Recommendations** For versions prior to 22.06.00, update to version 22.06.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the forum to minimize the risk of exploitation. Avoid using links from untrusted sources in the forum until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Submitty versions prior to 22.06.00 **Description** The issue allows an attacker to delete any post in the forum by modifying a request parameter, due to incorrect access control. This can be achieved by altering the `request parameter`, although the specific parameter name is not provided. The attack vector involves manipulating this parameter to gain unauthorized access to post deletion functionality. **Recommendations** For versions prior to 22.06.00, update to version 22.06.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the forum post deletion functionality until a patch is applied. Avoid using modified request parameters in the affected API endpoint until the issue is resolved.