CVE-2021-32478

State: PUBLISHED · Published: 2022-03-11 · Updated: 2024-08-03 · Assigner: redhat

Description

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

CWE

CWE-79 — CWE-79,CWE-601

Affected

n/a / moodle — v=3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 [affected]

CVSS

(none)

References

https://moodle.org/mod/forum/discuss.php?d=422314

Source

cvelistV5-main/cves/2021/32xxx/CVE-2021-32478.json