Fix h1 report 99452
Cross-Site Request Forgery (CSRF)
---------------------------------

An undisclosed user has reported via HackerOne that the password recovery form in Revive Adserver was vulnerable to CSRF attacks. Such a vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed.

A CVE-ID has been requested, but not assigned yet.

CWE: CWE-352
CVSSv2: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)