Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use xss+csrf attack on configuration pages #822

Closed
d4wner opened this issue Dec 17, 2017 · 2 comments
Closed

use xss+csrf attack on configuration pages #822

d4wner opened this issue Dec 17, 2017 · 2 comments
Assignees
@plegall
Labels
Section: Security
Milestone
2.9.3

Comments

@d4wner
Copy link

d4wner commented Dec 17, 2017
edited by flop25

Edit we did see your email and we are currently discussing privately of the issue. No need to publish that. Thank you for reporting
@flop25 flop25 closed this as completed Dec 17, 2017
@d4wner
Copy link
Author

d4wner commented Dec 18, 2017 via email

@plegall
Copy link
Member

plegall commented Dec 18, 2017

I'm working on it.

@plegall plegall reopened this Dec 18, 2017
@plegall plegall self-assigned this Dec 18, 2017
@plegall plegall added this to the 2.9.3 milestone Dec 18, 2017
@plegall plegall changed the title vulnerability:use xss+csrf attack to control the admin panel use xss+csrf attack on configuration pages Dec 18, 2017
plegall added a commit that referenced this issue Dec 18, 2017
@plegall
(cp 77f02bf) fixes #822, add token on configuration page to prevent CSRF
c3b4c6f
@0xcoyote 0xcoyote mentioned this issue Jun 26, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@plegall plegall

Labels
Section: Security
Projects
None yet
Milestone
2.9.3
Development

No branches or pull requests
3 participants
@flop25 @d4wner @plegall