Moodle is vulnerable to cross-site request forgery (CSRF) attacks. The application does not check for a session key in the Glossary module, allowing a malicious user to hijack the authentication of other users through editcategories.html
and editcategories.php
.