VDB

CVE-2014-9060

CVE-2014-9060 PUBLISHED CVSS 5 MEDIUM

The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php and mod/lti/return.php.

EPSS 0.39% · 60.3th percentile

Risk Scores

CVSS 2.0
5
EPSS Score
0.39%
60.3th percentile

Affected Products

VendorProductVersions
moodlemoodle0, 2.6.0, 2.7.0
moodlemoodle2.5.3, 2.5.5, 2.5.6
n/an/an/a

Timeline

  • Nov 24, 2014 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 25, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›