Description

Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php.

Remediation

References

CVE-2012-6101

Related Vulnerabilities

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19992)

PHP Use of Uninitialized Resource Vulnerability (CVE-2015-3414)

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.12)

WebLogic CVE-2021-2376 Vulnerability (CVE-2021-2376)

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16)

Severity

Medium

Classification

CVE-2012-6101 CWE-20

Tags

Missing Update Known Vulnerabilities