CVE-2021-32478

Published: Mar 11, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

Vendor	Product	Versions
n/a	moodle	affected `3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8`

Weaknesses (CWE)

CWE-79

References

https://moodle.org/mod/forum/discuss.php?d=422314

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-32478

Description

Affected Products

Weaknesses (CWE)

References