VDB
CVE-2021-32478
CVE-2021-32478
PUBLISHED
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
EPSS 3.40% · 87.7th percentile
Risk Scores
EPSS Score
3.40%
87.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | moodle | 3.9.0, 3.10.0, 0 |
| Bitnami | moodle | 3.9.0, 3.10.0, 0 |
Exploit Intelligence
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- CIRCL seen: CVE-2021-32478 (circl-sighting)
- https://moodle.org/mod/forum/discuss.php?d=422314 (circl)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
…and 9 more exploits
Timeline
- Jan 16, 2022 CrowdSec Sighting
- Mar 11, 2022 CVE Published
- Mar 12, 2022 EPSS Score
- Oct 17, 2022 CrowdSec Sighting
- Nov 28, 2022 CrowdSec Sighting
- Aug 3, 2024 CVE Updated
- Mar 15, 2025 CrowdSec Sighting
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 25, 2025 EPSS Score
- Mar 30, 2025 EPSS Score