Description
A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)
PHP 4.3.0 file disclosure and possible code execution
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.12)
WordPress Plugin Calculated Fields Form Cross-Site Scripting (1.0.353)
Play Framework Out-of-bounds Write Vulnerability (CVE-2020-27196)