As far as exploitation goes, effect is limited (it just stops people from being able to register), and requires local access to machine, so this isn't classified as a vulnerability, just a best-practice nice-to-have.
The text was updated successfully, but these errors were encountered:
https://github.com/NodeBB/nodebb-theme-persona/blob/98edd2c19ae934414dc7519bb01c9ef0bb10ee56/templates/registerComplete.tpl#L43-L51
Does not pass in CSRF token.
NodeBB/src/routes/authentication.js
Line 174 in 5d8df40
Does not check for CSRF token.
As far as exploitation goes, effect is limited (it just stops people from being able to register), and requires local access to machine, so this isn't classified as a vulnerability, just a best-practice nice-to-have.
The text was updated successfully, but these errors were encountered: