Moodle is vulnerable to multiple open redirect vulnerabilities. The vulnerabilities exist because of insufficient filtering of return URLs on some pages, leading to redirection to other arbitrary sites. It can also result in phishing attacks through (1) backup/backupfilesedit.php
, (2) comment/comment_post.php
, (3) course/switchrole.php
, (4) mod/wiki/filesedit.php
, (5) tag/coursetags_add.php
, or (6) user/files.php
.