diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index b0061b3..d43136b 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -5,5 +5,5 @@
 "extensions": ["ms-python.python", "ms-python.vscode-pylance", "ms-vscode.cpptools-extension-pack", "redhat.vscode-yaml", "golang.go"]
 }
 },
- "postCreateCommand": "npm install --prefix Season-2/Level-4/ Season-2/Level-4/ && npm install --global mocha"
+ "postCreateCommand": "npm install --prefix Season-2/Level-3/ Season-2/Level-3/ && npm install --global mocha"
 }
\ No newline at end of file
diff --git a/Season-2/Level-4/.env.production b/Season-2/Level-3/.env.production
similarity index 100%
rename from Season-2/Level-4/.env.production
rename to Season-2/Level-3/.env.production
diff --git a/Season-2/Level-4/code.js b/Season-2/Level-3/code.js
similarity index 98%
rename from Season-2/Level-4/code.js
rename to Season-2/Level-3/code.js
index ba55ab9..6b79ff7 100644
--- a/Season-2/Level-4/code.js
+++ b/Season-2/Level-3/code.js
@@ -1,4 +1,4 @@
-// Welcome to Secure Code Game Season-2/Level-4!
+// Welcome to Secure Code Game Season-2/Level-3!
 // Follow the instructions below to get started:
diff --git a/Season-2/Level-4/hack.admin b/Season-2/Level-3/hack.admin
similarity index 100%
rename from Season-2/Level-4/hack.admin
rename to Season-2/Level-3/hack.admin
diff --git a/Season-2/Level-4/hack.js b/Season-2/Level-3/hack.js
similarity index 97%
rename from Season-2/Level-4/hack.js
rename to Season-2/Level-3/hack.js
index 652958a..7ea6cda 100644
--- a/Season-2/Level-4/hack.js
+++ b/Season-2/Level-3/hack.js
@@ -1,13 +1,13 @@
 // Run hack.js by following the instructions below:
 // Run file by opening a terminal and running the following:
-// $ mocha Season-2/Level-4/hack.js
+// $ mocha Season-2/Level-3/hack.js
 // If you're inside a Codespace, the above should be running smoothly.
 // In case you're running this locally, please run the following command first,
 // and then run the hack file:
-// $ npm install Season-2/Level-4/ && npm install --global mocha
+// $ npm install Season-2/Level-3/ && npm install --global mocha
 const app = require("./code");
 // const app = require("./solution"); // To test the solution, uncomment this line and comment the one above
diff --git a/Season-2/Level-3/hint.txt b/Season-2/Level-3/hint.txt
index 5d0fa72..5aff459 100644
--- a/Season-2/Level-3/hint.txt
+++ b/Season-2/Level-3/hint.txt
@@ -1 +1,8 @@
-How does the site handle user input before and after displaying it?
\ No newline at end of file
+Entities are primarily used to make XML documents more modular, maintainable, and efficient.
+Hackers always look for unconventional ways of exploiting a feature.
+
+Especially if that feature (replaceEntities) allows them to retrieve file contents from the server.
+The server also appears to behave differently when retrieving files with a specific extension.
+
+Can you trick the server into uploading files with that special extension and.. have an impact to what this code does?
+But do we really need the upload endpoint? Why did the developer create it in the first place?
\ No newline at end of file
diff --git a/Season-2/Level-4/package-lock.json b/Season-2/Level-3/package-lock.json
similarity index 100%
rename from Season-2/Level-4/package-lock.json
rename to Season-2/Level-3/package-lock.json
diff --git a/Season-2/Level-4/package.json b/Season-2/Level-3/package.json
similarity index 100%
rename from Season-2/Level-4/package.json
rename to Season-2/Level-3/package.json
diff --git a/Season-2/Level-4/solution.js b/Season-2/Level-3/solution.js
similarity index 100%
rename from Season-2/Level-4/solution.js
rename to Season-2/Level-3/solution.js
diff --git a/Season-2/Level-4/tests.js b/Season-2/Level-3/tests.js
similarity index 95%
rename from Season-2/Level-4/tests.js
rename to Season-2/Level-3/tests.js
index 03b9275..e2a26bd 100644
--- a/Season-2/Level-4/tests.js
+++ b/Season-2/Level-3/tests.js
@@ -1,13 +1,13 @@
 // Run tests.js by following the instructions below:
 // Run file by opening a terminal and running the following:
-// $ mocha Season-2/Level-4/tests.js
+// $ mocha Season-2/Level-3/tests.js
 // If you're inside a Codespace, the above should be running smoothly.
 // In case you're running this locally, please run the following command
 // first, and then run the tests' file:
-// $ npm install Season-2/Level-4/ && npm install --global mocha
+// $ npm install Season-2/Level-3/ && npm install --global mocha
 const app = require("./code");
 // const app = require("./solution"); // To test the solution, uncomment this line and comment the one above
diff --git a/Season-2/Level-3/code.py b/Season-2/Level-4/code.py
similarity index 91%
rename from Season-2/Level-3/code.py
rename to Season-2/Level-4/code.py
index 0765b77..498ba4f 100644
--- a/Season-2/Level-3/code.py
+++ b/Season-2/Level-4/code.py
@@ -1,4 +1,4 @@
-# Welcome to Secure Code Game Season-2/Level-3!
+# Welcome to Secure Code Game Season-2/Level-4!
 # Follow the instructions below to get started:
@@ -12,7 +12,7 @@
 # Run code.py (RECOMMENDED for this level) by following the instructions below:
 # Run by opening a terminal and running the following:
-# $ export FLASK_APP=Season-2/Level-3/code.py && export FLASK_ENV=development && export FLASK_DEBUG=0 && flask run
+# $ export FLASK_APP=Season-2/Level-4/code.py && export FLASK_ENV=development && export FLASK_DEBUG=0 && flask run
 import os
 import re
@@ -20,7 +20,7 @@ app = Flask(__name__)
 # Set the absolute path to the template directory
-template_dir = os.path.abspath('Season-2/Level-3/templates')
+template_dir = os.path.abspath('Season-2/Level-4/templates')
 app.template_folder = template_dir
 # Hard-coded planet data
diff --git a/Season-2/Level-3/hack.txt b/Season-2/Level-4/hack.txt
similarity index 100%
rename from Season-2/Level-3/hack.txt
rename to Season-2/Level-4/hack.txt
diff --git a/Season-2/Level-4/hint.txt b/Season-2/Level-4/hint.txt
index 5aff459..5d0fa72 100644
--- a/Season-2/Level-4/hint.txt
+++ b/Season-2/Level-4/hint.txt
@@ -1,8 +1 @@
-Entities are primarily used to make XML documents more modular, maintainable, and efficient.
-Hackers always look for unconventional ways of exploiting a feature.
-
-Especially if that feature (replaceEntities) allows them to retrieve file contents from the server.
-The server also appears to behave differently when retrieving files with a specific extension.
-
-Can you trick the server into uploading files with that special extension and.. have an impact to what this code does?
-But do we really need the upload endpoint? Why did the developer create it in the first place?
\ No newline at end of file
+How does the site handle user input before and after displaying it?
\ No newline at end of file
diff --git a/Season-2/Level-3/solution.txt b/Season-2/Level-4/solution.txt
similarity index 100%
rename from Season-2/Level-3/solution.txt
rename to Season-2/Level-4/solution.txt
diff --git a/Season-2/Level-3/templates/details.html b/Season-2/Level-4/templates/details.html
similarity index 100%
rename from Season-2/Level-3/templates/details.html
rename to Season-2/Level-4/templates/details.html
diff --git a/Season-2/Level-3/templates/index.html b/Season-2/Level-4/templates/index.html
similarity index 100%
rename from Season-2/Level-3/templates/index.html
rename to Season-2/Level-4/templates/index.html
diff --git a/Season-2/Level-3/tests.py b/Season-2/Level-4/tests.py
similarity index 98%
rename from Season-2/Level-3/tests.py
rename to Season-2/Level-4/tests.py
index f765d6d..e8e08f3 100644
--- a/Season-2/Level-3/tests.py
+++ b/Season-2/Level-4/tests.py
@@ -3,7 +3,7 @@
 # This file contains passing tests.
 # Run them by opening a terminal and running the following:
-# $ python3 Season-2/Level-3/tests.py
+# $ python3 Season-2/Level-4/tests.py
 # Note: first you have to run code.py following the instructions
 # on top of that file so that the environment variables align but
diff --git a/Season-2/README.md b/Season-2/README.md
index 2dda37f..f9183cd 100644
--- a/Season-2/README.md
+++ b/Season-2/README.md
@@ -82,87 +82,87 @@ Due to the nature of file conventions in the `go` programming language, some fil
 If you need assistance, don't hesitate to ask for help in our [GitHub Discussions](https://github.com/skills/secure-code-game/discussions) or on our [Slack](https://gh.io/securitylabslack) in the [#secure-code-game](https://ghsecuritylab.slack.com/archives/C05DH0PSBEZ) channel.
-## Season 2 - Level 3: Space-Crossing
+## Season 2 - Level 3: Planet XMLon
-_Nice work finishing Level 2: Lumberjack ! It's now time for Level 3: Space-Crossing_ :sparkles:
+_Nicely done! Level 2: Lumberjack is complete. It's time for Level 3: Planet XMLon_ :partying_face:
-Languages: `python3`
+Languages: `javascript`
 ### 🚀 Credits
-The author of this level is [Viral Vaghela](https://www.linkedin.com/in/viralv/).
+The author of this level is Deniz Onur Duzgun [@dduzgun-security](https://github.com/dduzgun-security).
 You can be next! We welcome contributions for new game levels! Learn more [here](https://github.com/skills/secure-code-game/blob/main/CONTRIBUTING.md).
 ### 📝 Storyline
-Our solar system is 4.6 billion years old and it's constantly expanding. So does human interest around the world with local communities of enthusiasts constantly forming in an increasingly digitized world. Space enthusiasts use the internet as an information bank and to connect with their counterparts. This was exactly what drove a local community of space enthusiasts to create a public website, featuring their meetups, alongside contact information and a simple search bar where users can discover rare facts about planets. Having said that, did you know that ninety-five per cent (95%) of the Universe is invisible? What percentage of security issues is invisible though, and for how long? Do you have what it takes to secure the site and progress to Level 4?
+Embark on your quest as a daring EXXplorer in the vibrant landscape of the newly discovered Planet XMLon. The alien inhabitants are baffled by mysterious disruptions in their data transmissions, which may have been caused by the main developer E.T. who added more features than intended. Help them decode the extraterrestrial XML signals and unveil the secrets hidden within the starry constellations of tags, attributes and `.admin` files. Can you secure them all?
 ### :keyboard: Setup instructions
-- For Levels 2-4 in Season 2, we encourage you to enable code scanning with CodeQL. For more information about CodeQL, see "[About CodeQL](https://codeql.github.com/docs/codeql-overview/about-codeql/)." For instructions on setting up code scanning, see "[Setting up code scanning using starter workflows](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository#setting-up-code-scanning-using-starter-workflows)."
+For Levels 2-4 in Season 2, we encourage you to enable code scanning with CodeQL. For more information about CodeQL, see "[About CodeQL](https://codeql.github.com/docs/codeql-overview/about-codeql/)." For instructions on setting up code scanning, see "[Setting up code scanning using starter workflows](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository#setting-up-code-scanning-using-starter-workflows)."
 ### :keyboard: What's in the repo?
 - `code` includes the vulnerable code to be reviewed.
 - `hack` exploits the vulnerabilities in `code`. Running `hack` will fail initially and your goal is to get this file to pass 🟢.
+- `hack.admin` is a file used by administrators for debugging purposes.
 - `hint` offers guidance if you get stuck. Remember that you can also view the CodeQL scanning alerts.
+- `package.json` contains all the dependencies required for this level. You can install them by running `npm install`.
+- `package-lock.json` ensures that the same dependencies are installed consistently across different environments.
 - `solution` provides one working solution. There are several possible solutions.
-- `templates/index.html` host a simple front-end to interact with the back-end.
 - `tests` contains the unit tests that should still pass 🟢 after you implement your fix.
+- `.env.production` is an internal server-side file containing a secret environment variable.
 ### 🚦 Time to start!
-1. Review the code in `code.py`. Can you spot the bug(s)?
+1. Start by installing the dependencies required for this level, by running `npm install`. These dependancies reside inside `package.json`.
+1. Review the code in `code.js`. Can you spot the bug(s)?
 1. Try to fix the bug. Open a pull request to `main` or push your fix to a branch.
-1. You successfully completed this level when you (a) resolve all related code scanning alerts and (b) when both `hack.py` and `tests.py` pass 🟢.
+1. You successfully completed this level when you (a) resolve all related code scanning alerts and (b) when both `hack.js` and `tests.js` pass 🟢.
 1. If you get stuck, read the hint and try again.
 1. If you need more guidance, read the CodeQL scanning alerts.
-1. Compare your solution to `solution.py`.
+1. Compare your solution to `solution.js`.
 If you need assistance, don't hesitate to ask for help in our [GitHub Discussions](https://github.com/skills/secure-code-game/discussions) or on our [Slack](https://gh.io/securitylabslack) in the [#secure-code-game](https://ghsecuritylab.slack.com/archives/C05DH0PSBEZ) channel.
-## Season 2 - Level 4: Planet XMLon
+## Season 2 - Level 4: Space-Crossing
-_Nice work finishing Level 3: Planet XMLon! It's now time for Level 4: Space-Crossing_ :sparkles:
-Languages: `javascript`
+Languages: `python3`
 ### 🚀 Credits
-The author of this level is Deniz Onur Duzgun [@dduzgun-security](https://github.com/dduzgun-security).
+The author of this level is [Viral Vaghela](https://www.linkedin.com/in/viralv/).
 You can be next! We welcome contributions for new game levels! Learn more [here](https://github.com/skills/secure-code-game/blob/main/CONTRIBUTING.md).
 ### 📝 Storyline
-Embark on your quest as a daring EXXplorer in the vibrant landscape of the newly discovered Planet XMLon. The alien inhabitants are baffled by mysterious disruptions in their data transmissions, which may have been caused by the main developer E.T. who added more features than intended. Help them decode the extraterrestrial XML signals and unveil the secrets hidden within the starry constellations of tags, attributes and `.admin` files. Can you secure them all?
+Our solar system is 4.6 billion years old and it's constantly expanding. So does human interest around the world with local communities of enthusiasts constantly forming in an increasingly digitized world. Space enthusiasts use the internet as an information bank and to connect with their counterparts. This was exactly what drove a local community of space enthusiasts to create a public website, featuring their meetups, alongside contact information and a simple search bar where users can discover rare facts about planets. Having said that, did you know that ninety-five per cent (95%) of the Universe is invisible? What percentage of security issues is invisible though, and for how long? Do you have what it takes to secure the site and progress to Level 4?
 ### :keyboard: Setup instructions
-For Levels 2-4 in Season 2, we encourage you to enable code scanning with CodeQL. For more information about CodeQL, see "[About CodeQL](https://codeql.github.com/docs/codeql-overview/about-codeql/)." For instructions on setting up code scanning, see "[Setting up code scanning using starter workflows](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository#setting-up-code-scanning-using-starter-workflows)."
+- For Levels 2-4 in Season 2, we encourage you to enable code scanning with CodeQL. For more information about CodeQL, see "[About CodeQL](https://codeql.github.com/docs/codeql-overview/about-codeql/)." For instructions on setting up code scanning, see "[Setting up code scanning using starter workflows](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository#setting-up-code-scanning-using-starter-workflows)."
 ### :keyboard: What's in the repo?
 - `code` includes the vulnerable code to be reviewed.
 - `hack` exploits the vulnerabilities in `code`. Running `hack` will fail initially and your goal is to get this file to pass 🟢.
-- `hack.admin` is a file used by administrators for debugging purposes.
 - `hint` offers guidance if you get stuck. Remember that you can also view the CodeQL scanning alerts.
-- `package.json` contains all the dependencies required for this level. You can install them by running `npm install`.
-- `package-lock.json` ensures that the same dependencies are installed consistently across different environments.
 - `solution` provides one working solution. There are several possible solutions.
+- `templates/index.html` host a simple front-end to interact with the back-end.
 - `tests` contains the unit tests that should still pass 🟢 after you implement your fix.
-- `.env.production` is an internal server-side file containing a secret environment variable.
 ### 🚦 Time to start!
-1. Start by installing the dependencies required for this level, by running `npm install`. These dependancies reside inside `package.json`.
-1. Review the code in `code.js`. Can you spot the bug(s)?
+1. Review the code in `code.py`. Can you spot the bug(s)?
 1. Try to fix the bug. Open a pull request to `main` or push your fix to a branch.
-1. You successfully completed this level when you (a) resolve all related code scanning alerts and (b) when both `hack.js` and `tests.js` pass 🟢.
+1. You successfully completed this level when you (a) resolve all related code scanning alerts and (b) when both `hack.py` and `tests.py` pass 🟢.
 1. If you get stuck, read the hint and try again.
 1. If you need more guidance, read the CodeQL scanning alerts.
-1. Compare your solution to `solution.js`.
+1. Compare your solution to `solution.py`.
 If you need assistance, don't hesitate to ask for help in our [GitHub Discussions](https://github.com/skills/secure-code-game/discussions) or on our [Slack](https://gh.io/securitylabslack) in the [#secure-code-game](https://ghsecuritylab.slack.com/archives/C05DH0PSBEZ) channel.