Описание
Moodle reflected XSS
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
Пакеты
moodle/moodle
>= 3.10, <= 3.10.3
3.10.4
moodle/moodle
>= 3.9, <= 3.9.6
3.9.7
moodle/moodle
>= 3.8, <= 3.8.8
3.8.9
Связанные уязвимости
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
The redirect URI in the LTI authorization endpoint required extra sani ...
Уязвимость виртуальной обучающей среды Moodle, существующая из-за недостаточной очистки предоставленных пользователем данных в конечной точке авторизации LTI, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)