
Luuk Verhoeven

#20521 of 53,635
12.5 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2022-4074
6.4
2020-11-08
Moodle · Moodle · CVE-2022-35653
**Name of the Vulnerable Software and Affected Versions**
Moodle (affected versions not specified)

**Description**
A reflected XSS issue was identified in the LTI module of Moodle due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks. This issue does not impact authenticated users.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2020-16137
6.1
2020-10-15
Softwarex · Softwarex · CVE-2020-25628
**Name of the Vulnerable Software and Affected Versions**
- SoftwareX versions 3.5 through 3.5.13
- SoftwareX versions 3.7 through 3.7.7
- SoftwareX versions 3.8 through 3.8.4
- SoftwareX versions 3.9 through 3.9.1

**Description**
The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk.

**Recommendations**
- For versions 3.5 through 3.5.13, update to version 3.5.14.
- For versions 3.7 through 3.7.7, update to version 3.7.8.
- For versions 3.8 through 3.8.4, update to version 3.8.5.
- For versions 3.9 through 3.9.1, update to version 3.9.2.