Lucene search
+L

14 matches found

Nuclei
Nuclei
added 5 hours ago86 views

Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect

Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 contain a reflected XSS and open redirect caused by insufficient sanitization of the redirect URI in the LTI authorization endpoint, letting attackers execute scripts or redirect users maliciously, exploit requires crafted URL with...

6.1CVSS6.8AI score0.01157EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 7:44 p.m.9 views

CVE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

6.1CVSS5.8AI score0.01157EPSS
Exploits0
Redos
Redos
added 2024/03/13 12:0 a.m.13 views

ROS-2-1540

2.1540 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

7.5CVSS8.3AI score0.01157EPSS
Exploits0
Redos
Redos
added 2024/03/13 12:0 a.m.22 views

ROS-2-1317

2.1317 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

7.5CVSS8.7AI score0.01157EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/03/15 12:0 a.m.17 views

Moodle 3.8.x < 3.8.9, 3.9.x < 3.9.7, 3.10.x < 3.10.4 Multiple Vulnerabilities (MSA-21-0012, MSA-21-0018)

Moodle is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1CVSS5.6AI score0.01157EPSS
Exploits0References2
OSV
OSV
added 2022/03/11 6:15 p.m.33 views

CVE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

6.1CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2022/03/11 6:15 p.m.60 views

CVE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

6.1CVSS0.01157EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/11 6:15 p.m.4 views

CVE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

6.1CVSS6.7AI score0.01157EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/03/11 6:15 p.m.40 views

CVE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

6.1CVSS6.8AI score0.01157EPSS
Exploits0References2
CVE
CVE
added 2022/03/11 12:0 a.m.126 views

CVE-2021-32478

CVE-2021-32478 affects Moodle; the issue is a reflected XSS and open redirect caused by insufficient sanitization of the redirect_uri parameter at the LTI authorization endpoint. Affected versions are Moodle 3.8–3.8.8, 3.9–3.9.6, and 3.10–3.10.3 (and earlier unsupported). Root cause: inadequate s...

6.1CVSS5.8AI score0.01157EPSS
In wildExploits0References1Affected Software1
Redos
Redos
added 2021/09/08 12:0 a.m.12 views

ROS-2-1276

2.1276 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

8.1CVSS8.4AI score0.06305EPSS
Exploits1
Redos
Redos
added 2021/09/08 12:0 a.m.18 views

ROS-2-845

2.845 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

7.5CVSS8.4AI score0.04006EPSS
Exploits1
Redos
Redos
added 2021/09/08 12:0 a.m.10 views

ROS-2-1723

2.1723 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

7.8CVSS8.4AI score0.99295EPSS
Exploits81
OpenVAS
OpenVAS
added 2021/07/06 12:0 a.m.21 views

Moodle < 3.8.9, 3.9.x < 3.9.7, 3.10.x < 3.10.4 XSS Vulnerability

Moodle is prone to a cross-site scripting XSS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

6.1CVSS6.1AI score0.01157EPSS
Exploits0References1
Rows per page
Query Builder