Tehofu

**Name of the Vulnerable Software and Affected Versions** Collabora Online versions for mobile devices (Android/iOS) **Description** Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile device variants, it was possible to inject JavaScript via URL encoded values in links contained in documents. Since the Android JavaScript interface allows access to internal functions, the likelihood that the app could be compromised is considered high. Non-mobile variants are not affected. **Recommendations** For mobile variants, update to the latest version provided by the platform app store. As a temporary workaround, consider restricting access to links contained in documents until a patch is available. Avoid using URL encoded values in links contained in documents until the issue is resolved. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified) **Description** A flaw was found in Moodle due to inadequate protection of the web page structure, allowing a remote attacker to perform cross-site scripting (XSS) attacks. The issue arises from H5P error messages that require additional sanitizing to prevent reflected XSS risks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.