Description

Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.

Remediation

References

CVE-2011-4582

Related Vulnerabilities

Jboss EAP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-5220)

WordPress Plugin P3 (Plugin Performance Profiler) Cross-Site Scripting (1.5.3.8)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4581)

Jenkins Session Fixation Vulnerability (CVE-2018-1000409)

WordPress Plugin AdRotate-Ad manager & AdSense Ads 'track' Parameter SQL Injection (3.6.5)

Severity

Medium

Classification

CVE-2011-4582 CWE-20

Tags

Missing Update Known Vulnerabilities