Description
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
Remediation
References