2 matches found
Weblate: CSRF bypass (Delete Source Translation From dictionaries) in demo.weblate.org
Hello, I've found CSRF in https://demo.weblate.org. Sending a POST request dictionaries will delete successfully. Steps to reproduce: 1. Go to https://demo.weblate.org/ and log in to your account 2. Now go to https://demo.weblate.org/dictionaries/hello/sl/ 3. Add a new word, now delete it by CSRF I made tw...
Weblate: Logout CSRF
Hi Team, This is low risk, but I want you to know that logout on this domain demo.weblate.org did not protect the logout form with a CSRF token, therefore I can log out any user by sending this URL https://demo.webplate.org/accounts/logout/. Logout should have a POST method with a valid CSRF token. Let ...