LisaCabot
commented
1 day ago Added Token in config, init and in all the forms in the html.j2 files
Closed LisaCabot closed 1 day ago
LisaCabot
commented
1 day ago Added Token in config, init and in all the forms in the html.j2 files
Description: Trick the web page into thinking a user has made a request Potential Impact: The hacker may get access to an account and will be able to do whatever the account has privileges for, like pose as the account, change details, or if the account is an administrator or account with more privileges, steal or change information from the web page. Affected part of the application: Different inputs around the page. Type of vulnerability: Cross-Site Request Forgery (https://cwe.mitre.org/data/definitions/352.html)