Description
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
Related CPEs
a
moodle
moodle
3
References
https://moodle.org/mod/forum/discuss.php?d=422314
Patch, Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 · Medium
Information
Source identifier
Vulnerability status
Modified
Published
2022-03-11T17:15:19.587Z
4 years ago
Last modified
2024-11-21T05:07:07.007Z
1 year ago