CVE-2021-32478

MEDIUM EXPLOITED NUCLEI

Moodle < 3.8.9 - XSS

Title source: rule

Description

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

Nuclei Templates (1)

Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect

MEDIUMVERIFIEDby hackergautam

References (1)

[Patch, Vendor Advisory] https://moodle.org/mod/forum/discuss.php?d=422314

Scores

CVSS v3 6.1

EPSS 0.0340

EPSS Percentile 87.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2025-11-05

CWE

CWE-601 CWE-79

Status published

Products (2)

moodle/moodle < 3.8.9

moodle/moodle 3.10 - 3.10.4Packagist

Published Mar 11, 2022

Tracked Since Feb 18, 2026