Description

Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.

Remediation

References

CVE-2010-2231

Related Vulnerabilities

Oracle JRE CVE-2022-21360 Vulnerability (CVE-2022-21360)

WordPress Plugin Banner Slider Cross-Site Scripting (1.0)

silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6753)

WordPress Plugin All-in-One Addons for Elementor-WidgetKit Cross-Site Scripting (2.4.3)

WordPress Plugin RSS Feed Widget Cross-Site Scripting (2.8.0)

Severity

Medium

Classification

CVE-2010-2231 CWE-352

Tags

Missing Update Known Vulnerabilities