CVE-2011-4294
Last modified
CVE-2011-4294 is a vulnerability of currently unknown severity. The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors.. EPSS estimates a 1.54% chance of exploitation in the next 30 days.
Description
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | 1.9.1 |
| Moodle | Moodle | 1.9.2 |
| Moodle | Moodle | 1.9.3 |
| Moodle | Moodle | 1.9.4 |
| Moodle | Moodle | 1.9.5 |
| Moodle | Moodle | 1.9.6 |
| Moodle | Moodle | 1.9.7 |
| Moodle | Moodle | 1.9.8 |
| Moodle | Moodle | 1.9.9 |
| Moodle | Moodle | 1.9.10 |
| Moodle | Moodle | 1.9.11 |
| Moodle | Moodle | 1.9.12 |
| Moodle | Moodle | 2.0.0 |
| Moodle | Moodle | 2.0.1 |
| Moodle | Moodle | 2.0.2 |
| Moodle | Moodle | 2.0.3 |
| Moodle | Moodle | 2.1.0 |
References
- http://moodle.org/mod/forum/discuss.php?d=182737Vendor Advisory
- http://moodle.org/mod/forum/discuss.php?d=182737Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-4294?
How severe is CVE-2011-4294?
How do I fix CVE-2011-4294?
Are you affected by CVE-2011-4294?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST