Veracode Vulnerability DatabaseVERACODE:46190Cross-Site Request Forgery (CSRF)
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
moodle/moodle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the link to update all installed language packs not including a necessary CSRF token. An attacker can exploit this vulnerability by tricking a user into clicking on a crafted link or navigating to a malicious website.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | le | 4.1.8 | |
| moodle/moodle | le | v4.3.2 | |
| moodle/moodle | le | v4.2.5 | |
| moodle/moodle | le | 4.1.8 | |
| moodle/moodle | le | v4.3.2 | |
| moodle/moodle | le | v4.2.5 |
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%