Description

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

Remediation

References

CVE-2021-32478

Related Vulnerabilities

PHP NULL Pointer Dereference Vulnerability (CVE-2016-7132)

WordPress Plugin TI WooCommerce Wishlist Security Bypass (1.21.11)

WordPress Plugin Appointment Booking Calendar Cross-Site Scripting (1.3.34)

Perl Integer Overflow or Wraparound Vulnerability (CVE-2020-10878)

Drupal Other Vulnerability (CVE-2006-4002)

Severity

Medium

Classification

CVE-2021-32478 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities