2 matches found
GHSA-GVVX-FC6P-2H9X Duplicate Advisory: Wallabag user can delete own API client unintentionally
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gjvc-55fw-v6vq. This link is maintained to preserve external references. Original Description Cross-Site Request Forgery CSRF in GitHub repository wallabag/wallabag prior to 2.6.3...
CSRF leading to delete Client API in API clients management
Description wallabag was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily delete API key via client/delete/id Proof of Concept history.pushState'', '', '/'; document.forms0.submit;...