Ed Zarecor

**Name of the Vulnerable Software and Affected Versions** edx-platform versions prior to 2015-09-17 **Description** The issue allows for XSS via a team name. **Recommendations** For versions prior to 2015-09-17, update to a version released after 2015-09-17 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** edx-platform versions prior to 2016-06-06 **Description** The issue allows for Cross-Site Request Forgery (CSRF) attacks. CSRF is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to. **Recommendations** For versions prior to 2016-06-06, update to a version released after 2016-06-06 to resolve the issue.