CVE-2011-4582 – moodle/moodle

Package

Manager: composer
Name: moodle/moodle
Vulnerable Version: >=2.1 <2.1.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00161 pctl0.37519

Details

Moodle Open Redirect in Calendar Set Page Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.

Metadata

Created: 2022-05-13T01:13:15Z
Modified: 2024-01-17T18:26:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jcrj-x36p-h9f6/GHSA-jcrj-x36p-h9f6.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-jcrj-x36p-h9f6
Finding: F156
Auto approve: 1