Eric Merrill

**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified) **Description** A reflected cross-site scripting vulnerability was discovered in Moodle due to insufficient sanitization of user-supplied data in the policy tool. An attacker can trick the victim into opening a specially crafted link that executes arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This may allow an attacker to perform cross-site scripting (XSS) attacks to gain access to potentially sensitive information and modification of web pages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cisco Webex Training (affected versions not specified) Description: The issue is related to improper validation of input to API requests, allowing an authenticated, remote attacker to join a password-protected meeting without providing the meeting password. This could be achieved by sending an API request that returns a URL with a prepopulated meeting join page, including the meeting username and password. A successful exploit would allow the attacker to join the meeting and be visible in the attendee list. The vulnerability is also described as being related to insufficient validation of input data, which could enable a remote attacker to gain unauthorized access to protected information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.