Description
message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing.
Remediation
References
Related Vulnerabilities
Drupal Core 9.0.x Cross-Site Request Forgery (9.0.0 - 9.0.14)
Atlassian Jira CVE-2020-14178 Vulnerability (CVE-2020-14178)
Ruby on Rails Uncontrolled Resource Consumption Vulnerability (CVE-2021-22880)
WordPress Plugin Slideshow Gallery LITE Multiple Unspecified Vulnerabilities (1.5.3.3)
DOMPurify URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-25155)