Michael Ritter

Rank #20718 of 53,633 · Total CVSS 12.2 · Vulnerabilities: 2 (Medium: 2)
PT-2020-17375 · CVSS 6.1 (Medium) · 2020-12-23
Uncanny · Uncanny Groups For Learndash · CVE-2020-35650
**Name of the Vulnerable Software and Affected Versions** Uncanny Groups for LearnDash versions prior to 3.7

**Description** Multiple cross-site scripting (XSS) vulnerabilities allow authenticated remote attackers to inject arbitrary JavaScript or HTML via request parameters that the plugin reflects into page output without proper encoding. The affected parameters are `ulgm_code_redeem` in user-code-redemption.php; `ulgm_user_first`, `ulgm_user_last`, `ulgm_user_email`, `ulgm_code_registration`, and `ulgm_terms_conditions` in user-registration-form.php; `ulgm_total_seats` in frontend-uo_groups_buy_courses.php; `uncanny_group_signup_user_first`, `uncanny_group_signup_user_last`, `uncanny_group_signup_user_login`, and `uncanny_group_signup_user_email` in group-registration-form.php; and the `success-invited`, `bulk-errors`, and `message` GET parameters in frontend-uo_groups.php.

**Recommendations** Update to version 3.7 or later; that is the only complete fix. Until the update is applied, reduce exposure by limiting who can reach the affected front-end pages (code redemption, user and group registration, and group course purchase) to trusted users, and by filtering or blocking requests to those files whose listed parameters carry HTML or script markup, for example with a web application firewall. Such filtering is a stopgap: the root cause is missing output encoding in the plugin, and only the update removes it.
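The reflected-XSS pattern this advisory describes (a GET value such as `message` echoed straight into HTML) is shown below as an added example, beside the WordPress-idiomatic hardened form. This is illustration code, not the Uncanny Groups for LearnDash plugin's source; the `render_*` function names are hypothetical, and the stand-ins for `wp_unslash`, `sanitize_text_field`, `esc_html`, `esc_attr` and `absint` are approximations defined only so the file runs under plain `php` outside WordPress.

```php
<?php
// Added example, not code from the Uncanny Groups for LearnDash plugin.
// Shows a reflected-XSS handler of the kind CVE-2020-35650 describes next to
// a hardened version. Function names are hypothetical. When run outside
// WordPress, minimal stand-ins for the WordPress helpers are defined below
// (approximations, labelled as such) so the file executes with plain `php`.

if (!function_exists('wp_unslash')) {
    function wp_unslash($value) { return is_string($value) ? stripslashes($value) : $value; }
}
if (!function_exists('sanitize_text_field')) {
    // Approximation of WordPress's sanitize_text_field: strip tags and control chars.
    function sanitize_text_field($str) {
        $str = strip_tags((string) $str);
        $str = preg_replace('/[\x00-\x1F\x7F]/', '', $str);
        return trim($str);
    }
}
if (!function_exists('esc_html')) {
    function esc_html($text) { return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }
}
if (!function_exists('esc_attr')) {
    function esc_attr($text) { return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }
}
if (!function_exists('absint')) {
    function absint($n) { return abs((int) $n); }
}

// VULNERABLE: the raw GET value is concatenated into HTML, so a request such as
// ?message=<script>alert(document.cookie)</script> executes in the victim's browser.
function render_message_vulnerable(array $get): string {
    $message = $get['message'] ?? '';
    return '<div class="ulgm-notice">' . $message . '</div>';
}

// HARDENED: unslash, sanitize on input, and HTML-encode at the point of output.
// esc_html() is the control that actually stops the injection; sanitize_text_field()
// is defence in depth, not a substitute for output encoding.
function render_message_fixed(array $get): string {
    $message = sanitize_text_field(wp_unslash($get['message'] ?? ''));
    return '<div class="ulgm-notice">' . esc_html($message) . '</div>';
}

// A value echoed into an attribute (as with ulgm_total_seats) needs the attribute
// escaper, a quoted attribute and, for a numeric field, coercion to an integer.
// VULNERABLE: an attacker can close the quote and add an event-handler attribute.
function render_seats_vulnerable(array $get): string {
    $seats = $get['ulgm_total_seats'] ?? '';
    return '<input type="text" name="ulgm_total_seats" value="' . $seats . '">';
}

// HARDENED: integer coercion plus esc_attr() inside a quoted attribute.
function render_seats_fixed(array $get): string {
    $seats = absint($get['ulgm_total_seats'] ?? 0);
    return '<input type="number" name="ulgm_total_seats" value="' . esc_attr((string) $seats) . '">';
}

// Constructed sample requests standing in for $_GET (not captured traffic).
$textPayload = ['message' => '<script>alert(document.cookie)</script>'];
$attrPayload = ['ulgm_total_seats' => '1" onfocus="alert(1)" autofocus="'];

echo 'vulnerable: ' . render_message_vulnerable($textPayload) . PHP_EOL;
echo 'fixed:      ' . render_message_fixed($textPayload) . PHP_EOL;
echo 'vulnerable: ' . render_seats_vulnerable($attrPayload) . PHP_EOL;
echo 'fixed:      ' . render_seats_fixed($attrPayload) . PHP_EOL;
```

Run it with `php example.php`: the two "vulnerable" lines contain live markup (a `<script>` element and an injected `onfocus` handler), while the "fixed" lines carry the same input either stripped or entity-encoded and the seat count reduced to an integer, so nothing in them is parsed as markup. The point for review is that the fix belongs at the output site, which is why a request filter is only a stopgap.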