Description
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages.
Remediation
References
Related Vulnerabilities
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977)
PHP CVE-2004-0542 Vulnerability (CVE-2004-0542)
WordPress Plugin Knight Lab Timeline Cross-Site Scripting (3.6.6)
XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-31988)
Oracle Database Server CVE-2011-0785 Vulnerability (CVE-2011-0785)