Description
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.