Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.

References

• https://nvd.nist.gov/vuln/detail/CVE-2011-4582
• https://bugzilla.redhat.com/show_bug.cgi?id=761248
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28720&sr=1
• http://moodle.org/mod/forum/discuss.php?d=191748
• moodle/moodle@0d26727
• moodle/moodle@21e7d4c
• moodle/moodle@7f42237
• moodle/moodle@eb59a44