CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS
Percentile
71.8%
Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179
openwall.com/lists/oss-security/2015/05/18/1
github.com/advisories/GHSA-h798-h7ff-93xv
github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a
github.com/moodle/moodle/commit/db200a8e9f88c8c4a2141ac264062dca74ee2f29
github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8
moodle.org/mod/forum/discuss.php?d=313682
nvd.nist.gov/vuln/detail/CVE-2015-3175
web.archive.org/web/20201030042703/www.securitytracker.com/id/1032358
web.archive.org/web/20210122155902/www.securityfocus.com/bid/74720