CVE-2021-32478

Summary

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

Affected Software

VendorProductVersion RangeStatus
n/amoodle3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8affected

Weaknesses

  • CWE-79: CWE-79,CWE-601

ADP Enrichment

CVE Program Container

Additional References

References