The following endpoint does not check user authorization, so any user can delete other users' comments: /_api/comments.remove
The body of the request looks like this:
{
  "comment_id": "61393bb36970d0000c62b3cf",
  "_csrf": <a_new_one>
}
Any user receives every comment_id, so a user can easily substitute another user's comment_id for their own and delete that user's comments.
This vulnerability can have a high impact on the integrity of the system.
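The missing check, shown beside a corrected handler, as an added example that is not the project's own code. The in-memory store, the function names, the `creator` field and the `isAdmin` flag are assumptions made for illustration; only the `comment_id` field name comes from the request body above.

```javascript
// Constructed sample data: two comments owned by different users.
function makeStore() {
  return new Map([
    ['c1', { id: 'c1', creator: 'alice', body: 'first comment' }],
    ['c2', { id: 'c2', creator: 'bob', body: 'second comment' }],
  ]);
}

// Behaviour described in the report: the handler only requires a logged-in
// user, then deletes whatever comment_id the request names.
function removeCommentUnchecked(store, user, body) {
  if (!user) return { status: 401 };
  const comment = store.get(body && body.comment_id);
  if (!comment) return { status: 404 };
  store.delete(comment.id);
  return { status: 200 };
}

// Corrected handler: after loading the comment, compare its owner with the
// session user before deleting. The user identity comes from the session,
// never from the request body. A valid CSRF token (assumed to be verified
// upstream) does not replace this check, because the requester is a
// legitimately logged-in user with a token of their own.
function removeCommentChecked(store, user, body) {
  if (!user) return { status: 401 };
  const id = body && body.comment_id;
  // Reject non-string ids so an object cannot reach a database query.
  if (typeof id !== 'string') return { status: 400 };
  const comment = store.get(id);
  if (!comment) return { status: 404 };
  const allowed = comment.creator === user.id || user.isAdmin === true;
  if (!allowed) return { status: 403 };
  store.delete(comment.id);
  return { status: 200 };
}

// Demonstration: bob asks to delete alice's comment through both handlers.
function demo() {
  const bob = { id: 'bob' };
  const unchecked = makeStore();
  const checked = makeStore();
  return {
    unchecked: removeCommentUnchecked(unchecked, bob, { comment_id: 'c1' }).status,
    checked: removeCommentChecked(checked, bob, { comment_id: 'c1' }).status,
    survivesUnchecked: unchecked.has('c1'),
    survivesChecked: checked.has('c1'),
  };
}
```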