Dingjie Yang

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.5.9 and earlier Moodle versions 2.6.x before 2.6.11 Moodle versions 2.7.x before 2.7.8 Moodle versions 2.8.x before 2.8.6 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header. This can be exploited by a remote attacker to perform phishing attacks by redirecting users to malicious websites. **Recommendations** For Moodle versions 2.5.9 and earlier, update to version 2.6.11 or later. For Moodle versions 2.6.x before 2.6.11, update to version 2.6.11 or later. For Moodle versions 2.7.x before 2.7.8, update to version 2.7.8 or later. For Moodle versions 2.8.x before 2.8.6, update to version 2.8.6 or later.