#1232 new
Narendra Bhati

Critical CSRF Vulnerability

Reported by Narendra Bhati | November 6th, 2014 @ 07:09 PM | in 2.3.7 (closed)

I reported a CSRF vulnerability here:
http://exponentcms.lighthouseapp.com/projects/61783/tickets/1179-0-...

But your team was not able to understand the vulnerability and its impact, so I am reporting this issue to you again.

Here you will get all the details: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

By using CSRF, an attacker can remotely trick a logged-in administrator into changing his site title bar name, creating a new page, or creating a post with an XSS payload.
Kindly see the PoC video.

Bug Tracker for Exponent CMS
