Description
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
Remediation
References