Description

Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.

Remediation

References

CVE-2012-6103

Related Vulnerabilities

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7944)

PHP Address Book Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2903)

Oracle Database Server CVE-2007-2116 Vulnerability (CVE-2007-2116)

WordPress Plugin Gallery Plugin for WordPress-Envira Photo Gallery Cross-Site Scripting (1.8.3.2)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)

Severity

Medium

Classification

CVE-2012-6103 CWE-352

Tags

Missing Update Known Vulnerabilities