| Topic: | Cross Site Request Forgery (CSRF) in messaging setting |
| Severity: | Major |
| Versions affected: | < 1.6.8, < 1.7.6, < 1.8.7, < 1.9.3 |
| Reported by: | internal code review |
| Issue no.: | MDL-16688 |
| Solution: | update to latest releases |
Description:
The messaging settings page was exposed to a CSRF vulnerability because it wasn't protected by the sesskey mechanism.