Some of the forms have CSRF vulnerabilities due to the fact that we allow a GET in the method handling. POST should be enforced everywhere as that would block an attacker from tricking a user with a valid session into triggering form actions on these specific methods.
One case was overlooked and an extra condition is added.
jekkos changed the title from "CSRF vulnerabiliities in remove and delete forms" to "CSRF vulnerabilities in remove and delete forms" on Oct 4, 2021
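The method enforcement the issue asks for, as an added example that is not the project's code: a constructed WSGI app in which `enforce_post` switches between a handler that accepts GET on its delete/remove routes and one that answers 405 to anything but POST. The route names, the item store and the helper names are assumptions made for the illustration.

```python
# Added illustration: constructed WSGI handlers, not the project's code.
import io
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

STATE_CHANGING = {"/items/delete", "/items/remove"}  # hypothetical routes


def read_id(environ):
    """Take the id from the body on POST, from the query string otherwise."""
    if environ["REQUEST_METHOD"] == "POST":
        length = int(environ.get("CONTENT_LENGTH") or 0)
        raw = environ["wsgi.input"].read(length).decode()
    else:
        raw = environ.get("QUERY_STRING", "")
    return parse_qs(raw).get("id", [""])[0]


def make_app(enforce_post):
    store = {"1": "widget", "2": "gadget"}  # constructed sample records

    def app(environ, start_response):
        if environ["PATH_INFO"] in STATE_CHANGING:
            # Hardened form: refuse anything but POST before touching state.
            if enforce_post and environ["REQUEST_METHOD"] != "POST":
                start_response("405 Method Not Allowed", [("Allow", "POST")])
                return [b""]
            store.pop(read_id(environ), None)
            start_response("303 See Other", [("Location", "/items")])
            return [b""]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [",".join(sorted(store)).encode()]

    app.store = store
    return app


def request(app, method, path, params=""):
    """Drive the app in-process; returns (status line, remaining ids)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if method == "POST":
        body = params.encode()
        environ.update({"wsgi.input": io.BytesIO(body), "CONTENT_LENGTH": str(len(body))})
    else:
        environ["QUERY_STRING"] = params
    setup_testing_defaults(environ)
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return seen[0], sorted(app.store)
```

The method check closes the GET path only; frameworks normally pair it with a per-session anti-CSRF token on the POST forms.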