Description

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

Remediation

References

CVE-2021-32478

Related Vulnerabilities

Apache HTTP Server Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-11985)

WordPress Plugin Comment Rating SQL Injection and Security Bypass Weakness Vulnerabilities (2.9.32)

MyBB Improper Access Control Vulnerability (CVE-2015-8973)

WordPress Plugin LionScripts:IP Blocker Lite Cross-Site Request Forgery (10.3)

WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-2351)

Severity

Medium

Classification

CVE-2021-32478 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities