जमा करें #600581: CodeAstro Expense Management System 1.0 Cross-Site Request Forgeryजानकारी

शीर्षकCodeAstro Expense Management System 1.0 Cross-Site Request Forgery
विवरणThe attacker can remotely craft a malicious link (using the CSRF vulnerability) and trick an authenticated user into clicking it. This allows the attacker to perform unauthorized actions, such as adding an expense entry, on behalf of the victim without their consent. Additionally, the attacker can insert malicious JavaScript into the value of an item in the "Add Expense" form. This malicious payload is sent via the CSRF request and stored in the system. The payload is then displayed in the Manage Expenses section. When the victim later visits the Manage Expenses page, the stored malicious JavaScript is executed, potentially leading to the theft of session cookies which leads to account takeover.
स्रोत⚠️ http://codeastro.com
उपयोगकर्ता
 yousufnihal (UID 76343)
सबमिशन19/06/2025 12:03 PM (1 वर्ष पहले)
संयम21/06/2025 07:43 AM (2 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि313586 [CodeAstro Expense Management System 1.0 क्रॉस साइट रिक्वेस्ट फॉर्जरी]
अंक17

Might our Artificial Intelligence support you?

Check our Alexa App!