| Title | unitecms oasys 1.0 Unauthorized |
|---|
| Description | By utilizing the user's login status, a forged request is sent to the target website without the user's knowledge. Attackers usually place malicious code on third-party websites. When users visit the website, the malicious code will automatically send fake requests to the target website, thereby achieving the purpose of the attack. XS and CSS can also be combined to achieve more influential attacks. |
|---|
| Source | ⚠️ https://github.com/misstt123/oasys/issues/11 |
|---|
| User | moyu666 (UID 83894) |
|---|
| Submission | 04/08/2025 11:35 (1 Year ago) |
|---|
| Moderation | 04/16/2025 03:21 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 304976 [misstt123 oasys 1.0 Sticky Notes cross-site request forgery] |
|---|
| Points | 19 |
|---|