EPSS
Percentile
31.3%
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
github.com/moodle/moodle/commit/752ad3d8eb4f9ac22dbf1461aa69d6e0baee503e
moodle.org/mod/forum/discuss.php?d=422314
nvd.nist.gov/vuln/detail/CVE-2021-32478