What the vulnerability does

01Description

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

Key dates

02Disclosure timeline

March 11, 2022 CVE published
August 3, 2024 Record updated