CVE-2021-32478

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
References
Link : https://moodle.org/mod/forum/discuss.php?d=422314
Resource : Patch, Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Information

Published : 2022-03-11 06:15

Updated : 2022-11-07 06:52


NVD link : CVE-2021-32478

Mitre link : CVE-2021-32478

Products Affected
No products.
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CWE-79