[OctoPrint] Cross-site Scripting in OctoPrint

Cross-site Scripting (XSS) – DOM in GitHub repository octoprint/octoprint prior to 1.8.0. The login endpoint allows for JavaScript injection, which may lead to account takeover in a phishing scenario.
References

https://nvd.nist.gov/vuln/detail/CVE-202…

[OctoPrint] Cross-site Scripting in OctoPrint

Cross-site Scripting (XSS) – Generic in GitHub repository octoprint/octoprint prior to 1.8.0. The Stream URL of the OctoPrint application allows an XSS payload to execute.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-1432
https://github.com/octop…

[moodle/moodle] Cross-site Scripting in moodle

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-30596
https://bugzilla.redhat.com/show_…

[moodle/moodle] SQL injection in moodle

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-30599
https://bugzilla.redhat.com/show_bug.cgi?id=2083610
https://moodle.org/mo…