The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however, it may facilitate the exploitation of other vulnerabilities affecting application users. The original request contains parameters that look like they may be anti-CSRF tokens. However, the request is successful if these parameters are removed.

Recent assessments:

nu11secur1ty at July 31, 2021 5:39pm UTC reported:

The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however, it may facilitate the exploitation of other vulnerabilities affecting application users. The original request contains parameters that look like they may be anti-CSRF tokens. However, the request is successful if these parameters are removed.

Reproduce:

<https://github.com/nu11secur1ty/CVE-mitre/tree/main/PEEL-CSRF&gt;

Proof:

<https://streamable.com/jzts59&gt;

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 3