Loading...

Log In
Closed

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 5.7.3, 5.7-OD-47-038
Affects Version/s: 5.7.1
Component/s: None
Labels:
- affects-server
- csrf
- editor
- security
- xsrf

CVSS Score:
5

Potential XSRF vulnerability in tasks. No atl-token is present in the request to complete a task which suggests an attacker may be able to craft a cross site request forgery and action a task without the correct authorisation.

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

Assignee:: Tung Dang
Reporter:: Dee (Inactive)
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: 26/Feb/2015 12:09 AM
Updated:: 11/Oct/2018 8:46 AM
Resolved:: 20/Mar/2015 7:04 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates