John Couzins

**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.7 through 3.7.1 Moodle versions 3.6 through 3.6.5 Moodle versions 3.5 through 3.5.7 Moodle versions earlier than 3.5 **Description** A vulnerability was found in Moodle where the forum subscribe link contained an open redirect if forced subscription mode was enabled. This occurred when a forum's subscription mode was set to "forced subscription", causing the forum's subscribe link to contain an open redirect. **Recommendations** For Moodle versions 3.7 through 3.7.1, update to a version outside of this range to resolve the issue. For Moodle versions 3.6 through 3.6.5, update to a version outside of this range to resolve the issue. For Moodle versions 3.5 through 3.5.7, update to a version outside of this range to resolve the issue. For Moodle versions earlier than 3.5, consider upgrading to a supported version to mitigate the risk of exploitation. As a temporary workaround, consider disabling the forced subscription mode for forums until a patch is available.