OFFLINE-GmbH / oc-gdpr-plugin

October CMS plugin to make websites GDPR and ePrivacy compliant
https://octobercms.com/plugin/offline-gdpr
MIT License
36 stars 20 forks

Security Issue - Cross-site request forgery (CSRF Attacks) #36

Closed ghost closed 6 years ago

ghost commented 6 years ago

There is no CSRF Protection on the POST Form (cookie-manager), missing the CSRF Token!

ghost commented 6 years ago

Also could add a Honey Pot Protection to the Form to Stop Spam Bots.