<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Ticket search results</title><link>https://forge-allura.apache.org/p/allura/tickets/</link><description>You searched for labels:"CSRF"</description><language>en</language><lastBuildDate>Thu, 30 Jul 2015 22:41:21 -0000</lastBuildDate><item><title>Apache Allura Security Vulnerability</title><link>https://forge-allura.apache.org/p/allura/tickets/7944/</link><description>Hi,

My name is Mohamed Abdelbaset Elnoby, a Senior Information Security Analyst and Web Application Penetration Tester at Seekurity Inc.

I would like to report a Security Vulnerability in the Apache Allura Wiki Script, detailed as follows:

Vulnerability:
Cross Site Request Forgery - (CSRF)

Info:
http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Affected URL(s)/Forms Code:
/wiki/subscribe?subscribe=True
/wiki/subscribe?unsubscribe=True

More Details/Impact:
Forces users to subscribe/unsubscribe to any other user's wiki; the vulnerable links above are PoC links that do so for my wiki account.

Waiting for your reply

Best Regards,
Mohamed Abdelbaset Elnoby
Guru Programmer, Senior Information Security Consultant &amp; Web Application Penetration Tester at Seekurity Inc.</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Mohamed A. Baset</dc:creator><pubDate>Thu, 30 Jul 2015 22:41:21 -0000</pubDate><guid>https://forge-allura.apache.org/p/allura/tickets/7944/</guid></item></channel></rss>