The LTI authorization endpoint in Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier versions is susceptible to reflected XSS and open redirect risks through an improperly sanitized redirect URI.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
OSV | CVE-2021-32478 | 11 Mar 2022 18:15 | – | osv |
OSV | BIT-moodle-2021-32478 | 6 Mar 2024 11:09 | – | osv |
OSV | Moodle reflected XSS | 12 Mar 2022 00:00 | – | osv |
OpenVAS | Moodle < 3.8.9, 3.9.x < 3.9.7, 3.10.x < 3.10.4 XSS Vulnerability | 6 Jul 2021 00:00 | – | openvas |
OpenVAS | Moodle 3.8.x < 3.8.9, 3.9.x < 3.9.7, 3.10.x < 3.10.4 Multiple Vulnerabilities (MSA-21-0012, MSA-21-0018) | 15 Mar 2022 00:00 | – | openvas |
UbuntuCve | CVE-2021-32478 | 11 Mar 2022 00:00 | – | ubuntucve |
Github Security Blog | Moodle reflected XSS | 12 Mar 2022 00:00 | – | github |
Veracode | Cross-site Scripting (XSS) | 15 Mar 2022 12:59 | – | veracode |
Prion | Open redirect | 11 Mar 2022 18:15 | – | prion |
Cvelist | CVE-2021-32478 | 11 Mar 2022 00:00 | – | cvelist |
[
{
"vendor": "n/a",
"product": "moodle",
"versions": [
{
"version": "3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8",
"status": "affected"
}
]
}
]
Source | Link |
---|---|
moodle | www.moodle.org/mod/forum/discuss.php |