Description
A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect.
Remediation
References
Related Vulnerabilities
Apache Tomcat Session Fixation Vulnerability (CVE-2019-17563)
WordPress Plugin WordPress+Microsoft Office 365/Azure AD-LOGIN Cross-Site Scripting (15.3)
WordPress Plugin Quick Buy For Woocommerce Arbitrary File Disclosure (2.0)
MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2020-11080)
Magento Insufficient Verification of Data Authenticity Vulnerability (CVE-2019-8124)