Lucene search

K
cve[email protected]CVE-2011-4133
HistoryJul 16, 2012 - 10:28 a.m.

CVE-2011-4133

2012-07-1610:28:36
CWE-352
web.nvd.nist.gov
23
4
cve-2011-4133
moodle
csrf
vulnerability
rss block
nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

52.5%

Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.

Affected configurations

NVD
Node
moodlemoodleMatch1.9.1
OR
moodlemoodleMatch1.9.2
OR
moodlemoodleMatch1.9.3
OR
moodlemoodleMatch1.9.4
OR
moodlemoodleMatch1.9.5
OR
moodlemoodleMatch1.9.6
OR
moodlemoodleMatch1.9.7
OR
moodlemoodleMatch1.9.8
OR
moodlemoodleMatch1.9.9
OR
moodlemoodleMatch1.9.10
VendorProductVersionCPE
moodlemoodle1.9.8cpe:/a:moodle:moodle:1.9.8:::
moodlemoodle1.9.4cpe:/a:moodle:moodle:1.9.4:::
moodlemoodle1.9.6cpe:/a:moodle:moodle:1.9.6:::
moodlemoodle1.9.9cpe:/a:moodle:moodle:1.9.9:::
moodlemoodle1.9.3cpe:/a:moodle:moodle:1.9.3:::
moodlemoodle1.9.10cpe:/a:moodle:moodle:1.9.10:::
moodlemoodle1.9.5cpe:/a:moodle:moodle:1.9.5:::
moodlemoodle1.9.1cpe:/a:moodle:moodle:1.9.1:::
moodlemoodle1.9.7cpe:/a:moodle:moodle:1.9.7:::
moodlemoodle1.9.2cpe:/a:moodle:moodle:1.9.2:::

Social References

More

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

52.5%