PT-2021-3111
Jordan Tomkinson
Published 2021-05-10 · Updated 2025-12-25
CVE-2021-32478
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Moodle versions 3.10 to 3.10.3
Moodle versions 3.9 to 3.9.6
Moodle versions 3.8 to 3.8.8
Moodle versions prior to 3.8
Description
The issue arises from insufficient sanitizing of the user-supplied redirect URI in the LTI authorization endpoint, which leaves the endpoint exposed to reflected XSS and open redirect. A remote attacker could use it to perform cross-site scripting attacks.
Recommendations
For all affected versions (3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, and versions prior to 3.8), update to a version that includes the necessary sanitizing of the redirect URI in the LTI authorization endpoint.
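As an added example that is not Moodle's code, the following shows the kind of allowlist check an authorization endpoint should apply to a tool-supplied redirect URI before issuing the redirect: exact match against the URIs registered for that tool, http(s) only, and HTML-escaping of anything echoed back on the error page. The tool registration table and URIs are constructed for the example.

```python
"""Redirect-URI validation for an LTI 1.3 / OIDC-style authorization endpoint.

Added example, not Moodle's code. Assumes the platform stores, per registered
tool, the exact redirect URIs the tool declared at registration time.
"""
import html
from urllib.parse import urlencode, urlsplit

# Constructed sample registration: tool id -> exact redirect URIs it registered.
REGISTERED_TOOLS = {
    "tool-42": ("https://tool.example.edu/lti/launch",),
}


def is_allowed_redirect_uri(tool_id: str, redirect_uri: str) -> bool:
    """Return True only if redirect_uri exactly matches a registered URI.

    Exact string match is what OAuth 2.0 / OIDC expect for authorization-code
    redirects: prefix or substring matching lets an attacker-controlled host or
    path through (open redirect), and accepting arbitrary schemes lets a
    javascript: URI reach the browser (XSS).
    """
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    if parts.fragment:
        return False  # OAuth 2.0 forbids fragments in redirect URIs
    return redirect_uri in REGISTERED_TOOLS.get(tool_id, ())


def build_redirect(tool_id: str, redirect_uri: str, state: str) -> tuple:
    """Return (status, location_or_body) for the endpoint's response.

    On an invalid redirect_uri the endpoint must not redirect at all; it
    renders an error page, and the echoed request value is HTML-escaped so
    the endpoint cannot be used for reflected XSS.
    """
    if is_allowed_redirect_uri(tool_id, redirect_uri):
        sep = "&" if "?" in redirect_uri else "?"
        return (302, redirect_uri + sep + urlencode({"state": state}))
    return (400, "<p>Invalid redirect_uri: " + html.escape(redirect_uri) + "</p>")
```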
Fix
Open Redirect
XSS
Related Identifiers
Affected Products
Alt Linux
Moodle