Degrange

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue is related to insufficient filtering of grade report history, which allows teachers to access the names of users they could not otherwise access. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified) **Description** The issue exists due to insufficient sanitization of user-supplied data in some `returnurl` parameters. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks, potentially stealing confidential information, modifying the appearance of web pages, and conducting phishing attacks or drive-by downloads. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.