OWASP / Maturity-Models

Node application to help manage Maturity Models like the ones created by BSIMM and OpenSAMM
Apache License 2.0

There is a CSRF vuln on Add and Delete teams #138

Closed DinisCruz closed 8 years ago

DinisCruz commented 8 years ago

Because the add and delete are GET methods (see #137 and #130), they can be triggered via CSRF (i.e. from another tab).
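The following is an added example, not part of the original issue and not the project's code: it contrasts a state-changing GET handler of the kind the issue describes with a hardened handler that requires POST, a same-origin `Origin` header and a per-session token. The `/team/delete` path, the `x-csrf-token` header name, the session shape and the `maturity.example` origin are assumptions made for illustration.

```javascript
const crypto = require('crypto');
const APP_ORIGIN = 'https://maturity.example'; // assumed origin of the app

// Vulnerable shape from the issue: a GET changes state, authorised only by
// the session cookie the browser attaches to any request to this origin.
function deleteTeamViaGet(req, teams) {
  if (!req.session) return 401;
  teams.delete(new URL(req.url, APP_ORIGIN).searchParams.get('name'));
  return 200;
}

function sameToken(sent, expected) {
  const a = Buffer.from(String(sent ?? ''));
  const b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Hardened shape: unsafe method, same-origin check, and a per-session token
// that a page on another origin cannot read and therefore cannot send.
function deleteTeamHardened(req, teams) {
  if (!req.session) return 401;
  if (req.method !== 'POST') return 405;
  if (req.headers.origin !== APP_ORIGIN) return 403;
  if (!sameToken(req.headers['x-csrf-token'], req.session.csrfToken)) return 403;
  teams.delete(req.body.name);
  return 200;
}

// Constructed requests; the session cookie rides along whichever tab sent them.
const session = { user: 'alice', csrfToken: crypto.randomBytes(32).toString('hex') };
const crossSiteGet = { method: 'GET', url: '/team/delete?name=team-A', session, headers: {} };
const crossSitePost = { method: 'POST', url: '/team/delete', session,
  headers: { origin: 'https://other.example' }, body: { name: 'team-A' } };
const ownPagePost = { method: 'POST', url: '/team/delete', session,
  headers: { origin: APP_ORIGIN, 'x-csrf-token': session.csrfToken }, body: { name: 'team-A' } };

function demo() {
  const run = (handler, req) => {
    const teams = new Set(['team-A']);
    return { status: handler(req, teams), deleted: !teams.has('team-A') };
  };
  return {
    vulnerableGet: run(deleteTeamViaGet, crossSiteGet),
    hardenedGet: run(deleteTeamHardened, crossSiteGet),
    hardenedCrossPost: run(deleteTeamHardened, crossSitePost),
    hardenedOwnPost: run(deleteTeamHardened, ownPagePost),
  };
}
console.log(demo());
```

Only the GET handler lets the request from another origin change state; the hardened handler accepts the delete only when the request carries the token issued to that session.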