No Cross-Site Request Forgery protection at multiple locations
Unknown
Vulnerability Details
The Localize application does not provide protection against CSRF attacks at various locations.
For example, the following actions/pages are vulnerable:
`POST /pages/create_project`
`POST /pages/settings`
`POST /add_phrase/$var/languages/$var`
See https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) for more information.
Actions
View on HackerOneReport Stats
- Report ID: 7916
- State: Closed
- Substate: resolved
- Upvotes: 2