Actions doeditpage, domovepage, docreatepage do not require XSRF token


      When checking the application for security leaks, I found that the actions doeditpage, domovepage and docreatepage explicitly set requireSecurityToken=false in the xwork.xml. This could be a possible leak in an attack scenario. Is there a reason why these actions should not require the security token, perhaps incompatibilities, ...?

              Assignee:
              Chii (Inactive)
              Reporter:
              Michael Ammann
              Votes:
              0
              Watchers:
              6

                Created:
                Updated:
                Resolved:
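
An added example, not part of the original report or of the product's own code: one way to audit an xwork.xml for actions that explicitly switch the security token check off, as the report describes for doeditpage, domovepage and docreatepage. The XML layout (a `<param name="RequireSecurityToken">` child under each `<action>`), the class names, the extra actions and the sample file are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not copied from a real xwork.xml. Assumed layout:
# <package>/<action> elements carrying <param name="RequireSecurityToken">.
SAMPLE_XWORK = """\
<xwork>
  <package name="pages" namespace="/pages">
    <action name="doeditpage" class="example.EditPageAction">
      <param name="RequireSecurityToken">false</param>
    </action>
    <action name="domovepage" class="example.MovePageAction">
      <param name="requireSecurityToken"> FALSE </param>
    </action>
    <action name="docreatepage" class="example.CreatePageAction">
      <param name="RequireSecurityToken">false</param>
    </action>
    <action name="doremovepage" class="example.RemovePageAction">
      <param name="RequireSecurityToken">true</param>
    </action>
    <action name="viewpage" class="example.ViewPageAction"/>
  </package>
</xwork>
"""

def audit_token_settings(xwork_xml):
    """Return (disabled, unspecified) lists of 'namespace/action' names."""
    root = ET.fromstring(xwork_xml)
    disabled, unspecified = [], []
    for package in root.iter("package"):
        namespace = package.get("namespace", "")
        for action in package.findall("action"):
            name = f"{namespace}/{action.get('name')}"
            # Match the param name case-insensitively and normalise its value.
            values = [
                (p.text or "").strip().lower()
                for p in action.findall("param")
                if (p.get("name") or "").lower() == "requiresecuritytoken"
            ]
            if not values:
                unspecified.append(name)  # no explicit token param on this action
            elif "false" in values:
                disabled.append(name)     # token check explicitly switched off
    return disabled, unspecified

if __name__ == "__main__":
    off, unset = audit_token_settings(SAMPLE_XWORK)
    print("token check disabled:", off)
    print("no explicit setting:", unset)
```

Actions in the second list need a manual look, since the script only reports that no explicit setting is present and does not know what the framework applies in that case.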