Degrangem

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue is related to a link used to reset all templates of a database activity, which did not include the necessary token to prevent a CSRF risk. This could potentially allow unauthorized actions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.9 through 3.9.2 **Description** The issue allowed including JavaScript when re-naming content bank items. This is fixed in Moodle versions 3.9.3 and 3.10. **Recommendations** For versions 3.9 through 3.9.2, update to version 3.9.3 or 3.10 to resolve the issue. As a temporary workaround, consider restricting the ability to re-name content bank items until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.7 through 3.7.7 Moodle versions 3.8 through 3.8.4 Moodle versions 3.9 through 3.9.1 **Description** A vulnerability was found in Moodle where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. **Recommendations** For versions 3.7 through 3.7.7, update to version 3.7.8. For versions 3.8 through 3.8.4, update to version 3.8.5. For versions 3.9 through 3.9.1, update to version 3.9.2.