Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-2986)

Description

Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.

Remediation

References

Related Vulnerabilities

WebLogic CVE-2016-3499 Vulnerability (CVE-2016-3499)

WordPress Plugin WP HTML Author Bio Cross-Site Scripting (1.2.0)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7939)

WordPress Plugin to Manage/Design WordPress Blog-WP Blog Manager Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.0)

WordPress Plugin Secure File Manager Arbitrary File Upload (2.9.3)

Severity

High

Classification

CVE-2022-2986 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities