Lindon Wass

Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.7 Moodle version 3.6.4 and earlier Moodle version 3.5.6 and earlier Moodle version 3.4.9 and earlier Moodle version 3.1.18 and earlier Description: A flaw was found in the form to upload cohorts, which contained a redirect field that was not restricted to internal URLs. Recommendations: For versions prior to 3.7, update to version 3.7 or later. For version 3.6.4 and earlier, update to version 3.6.5 or later. For version 3.5.6 and earlier, update to version 3.5.7 or later. For version 3.4.9 and earlier, update to version 3.4.10 or later. For version 3.1.18 and earlier, update to version 3.1.19 or later.