| Название | ZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 CSRF |
|---|
| Описание | The application has no CSRF protection, allowing attackers to leverage CSRF to launch various attacks against admin users. Particularly when combined with XSS vulnerabilities, this would enable attackers to target both frontend users and admin users. |
|---|
| Источник | ⚠️ https://github.com/ZHENFENG13/My-Blog/issues/145 |
|---|
| Пользователь | ZAST.AI (UID 87884) |
|---|
| Представление | 26.07.2025 18:26 (9 месяцы назад) |
|---|
| Модерация | 08.08.2025 10:35 (13 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 319235 [zhenfeng13 My-Blog до 1.0.0 /admin/tags/save tagName подделка межсайтовых запросов] |
|---|
| Баллы | 16 |
|---|