Slack: CSRF on add comment section

Hi, Steps to repro: 1 Go to this link https://sehacure.slack.com/help/requests/237956 2 The malicious guy should now the request number and the username. 3 Open Tamper data using tamper data firefox addon,Fill the reply in the form. 4 Submit the request.You will see there are no anti-csrf token i...

webalbum-xss.txt

================================================================ WEBAlbum XSS Vulnerabilities POST Variable: id POST Variable: category Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, Win7dos, JabAv0C...