GHSA-78fm-qhh8-8858

GitHub Security Advisory

Moodle reflected XSS

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

Affected Packages

Packagist moodle/moodle
Affected versions: 3.10 (fixed in 3.10.4)
Packagist moodle/moodle
Affected versions: 3.9 (fixed in 3.9.7)
Packagist moodle/moodle
Affected versions: 3.8 (fixed in 3.8.9)

Related CVEs

Key Information

GHSA ID: GHSA-78fm-qhh8-8858
Published: March 12, 2022 12:00 AM
Last Modified: July 12, 2023 12:02 AM
CVSS Score: 5.0/10
Primary Ecosystem: Packagist
Primary Package: moodle/moodle
GitHub Reviewed: ✓ Yes

Dataset

Last updated: June 15, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.