CVE-2011-4294
Moodle < 1.9.13, 2.0.x < 2.0.4, 2.1.x < 2.1.1 - Open Redirect via Error Message Continuation Link
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors.
References (3)
Mailing List (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2011/11/14/1
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f9f666c902cb30ef6f519353f38c45a29fdf4a6
Vendor Advisory (x_refsource_confirm): http://moodle.org/mod/forum/discuss.php?d=182737
Scores
EPSS: 0.0040
EPSS Percentile: 60.5%
Details
CWE: CWE-20
Status: published
Products (18)
moodle/moodle: 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.10
... and 8 more
Published: Jul 16, 2012
Tracked Since: Feb 18, 2026