[Suggested description]
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor
4.1.x. First, you upload an HTML file containing CSRF on the website
that uses a google editor (you only need to search in Google:
inurl:/examples/uploadbutton.html), and then use the authority of this
website to trick users into clicking your malicious HTML link.
[Vulnerability Type]
Cross Site Request Forgery (CSRF)
[Affected Component]
To find a website that uses this editor, you only need to search in Google: inurl:/examples/uploadbutton.html,
because this is the feature file of this editor.
[Attack Type]
Remote
[Impact Code execution]
true
Attackers can use websites trusted by users to perform dangerous operations.
[Attack Vectors]
<title>csrf test</title>
// your target url