Description
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
Remediation
References