Fir3Storm

#20493 of 53,625
12.5 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2025-37706
6.1
2025-09-15
Unknown · Servitiumcrm · CVE-2025-56252
**Name of the Vulnerable Software and Affected Versions**
ServitiumCRM version 2.10

**Description**
A cross-site scripting (XSS) issue exists in ServitiumCRM version 2.10. This allows attackers to execute arbitrary code through a crafted URL targeting the `mobile` parameter.

**Recommendations**
Sanitize or encode the `mobile` parameter to prevent the injection of malicious scripts.

PT-2024-2476
6.4
2024-03-11
Moodle · Moodle · CVE-2024-29374
**Name of the Vulnerable Software and Affected Versions**
Moodle version 3.10.9

**Description**
A Cross-Site Scripting (XSS) issue exists due to inadequate protection of the webpage structure when handling the `lang` parameter in the "/?lang=" URL parameter. This could allow a remote attacker to read, modify, or delete data and implement cross-site scripting attacks.

**Recommendations**
For Moodle version 3.10.9, consider disabling the `lang` parameter in the "/?lang=" URL parameter until a patch is available. Restrict access to this parameter to minimize the risk of exploitation. Avoid using the `lang` parameter in the affected API endpoint until the issue is resolved.