Cross-site scripting in recommender-xblock
Recommender before 1.3.1 allows XSS. It is possible for a learner to craft a fake resource to recommender, that includes script which could possibly steal credentials from staff if they are lured into viewing the recommended resource.