Ariel

**Name of the Vulnerable Software and Affected Versions** Plogger version Beta 2 **Description** The issue allows remote attackers to execute arbitrary code via a URL in the `config[basedir]` parameter in the plog-admin-functions.php file. **Recommendations** For Plogger version Beta 2, update the plog-admin-functions.php file to restrict access to the `config[basedir]` parameter, or consider disabling the vulnerable function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 1.3 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `reply` parameter in the "post.php" file. **Recommendations** For versions prior to 1.3, update to version 1.3 or later to resolve the issue.