CVE-2014-9060
The CVE-2014-9060 issue affects Moodle’s LTI module (versions prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3; also 2.4.11) where the return URL parameters are not properly restricted. This allows remote attackers to trigger generation of arbitrary messages by modifying the return ...