GHSA-78fm-qhh8-8858
GitHub Security Advisory
Moodle reflected XSS
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
Affected Packages
Packagist: moodle/moodle. Affected versions: 3.10 (fixed in 3.10.4)
Packagist: moodle/moodle. Affected versions: 3.9 (fixed in 3.9.7)
Packagist: moodle/moodle. Affected versions: 3.8 (fixed in 3.8.9)
Related CVEs
Key Information
5.0/10
Dataset
Last updated: June 16, 2025 6:25 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.