Cross site request forgery (csrf)

2010-04-2921:30:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability.

CPENameOperatorVersion
moodleeq1.9.4
moodleeq1.9.1
moodleeq1.8.8
moodleeq1.9.6
moodleeq1.8.2
moodleeq1.9.2
moodleeq1.8.6
moodleeq1.8.5
moodleeq1.8.3
moodleeq1.8.9