EPSS Percentile: 36.1%
Recommender before 1.3.1 allows XSS. A learner can submit a crafted fake resource to Recommender that includes script, which could possibly steal credentials from staff if they are lured into viewing the recommended resource.
github.com/edx/RecommenderXBlock/pull/2
groups.google.com/forum/#!topic/openedx-announce/SF8Sn6MuUTg
nvd.nist.gov/vuln/detail/CVE-2018-20858