CVE-2021-32478
Vexday Risk Score
18 (Low)
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS: — · EPSS: 1.2% · KEV: no · PoC: — · Nuclei: yes · Metasploit: — · Patch: —
Lifecycle
11 Mar 2022: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
Affected products
n/a · moodle