VulnerableCode Vulnerability Details - VCID-weqz-n7rq-6ubc

Search for vulnerabilities

Vulnerability details: VCID-weqz-n7rq-6ubc

Essentials
Severities (11)
References (10)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-weqz-n7rq-6ubc
Aliases	CVE-2011-4294 GHSA-hxmp-8f47-x9fc
Summary	Moodle Open Redirect Via Error Messages The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via error message links that lead offsite.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-601	URL Redirection to Untrusted Site ('Open Redirect')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-20	Improper Input Validation
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git;a=commit;h=8f9f666c902cb30ef6f519353f38c45a29fdf4a6
generic_textual	MODERATE	http://moodle.org/mod/forum/discuss.php?d=182737
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2011/11/14/1
epss	0.00396	https://api.first.org/data/v1/epss?cve=CVE-2011-4294
epss	0.00396	https://api.first.org/data/v1/epss?cve=CVE-2011-4294
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-hxmp-8f47-x9fc
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/18c2fcf8f19e00f0e89421d8fd8b7486a6dc6f79
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/417fdfab6bbdcfc3f5b64704ec06912ae9cd1050
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/8f9f666c902cb30ef6f519353f38c45a29fdf4a6
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2011-4294

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git;a=commit;h=8f9f666c902cb30ef6f519353f38c45a29fdf4a6
		http://moodle.org/mod/forum/discuss.php?d=182737
		http://openwall.com/lists/oss-security/2011/11/14/1
		https://api.first.org/data/v1/epss?cve=CVE-2011-4294
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/18c2fcf8f19e00f0e89421d8fd8b7486a6dc6f79
		https://github.com/moodle/moodle/commit/417fdfab6bbdcfc3f5b64704ec06912ae9cd1050
		https://github.com/moodle/moodle/commit/8f9f666c902cb30ef6f519353f38c45a29fdf4a6
		https://nvd.nist.gov/vuln/detail/CVE-2011-4294
GHSA-hxmp-8f47-x9fc		https://github.com/advisories/GHSA-hxmp-8f47-x9fc

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.59549
EPSS Score	0.00396
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:26:41.087759+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hxmp-8f47-x9fc/GHSA-hxmp-8f47-x9fc.json	36.1.3