2 matches found
Litestar has HTML Injection Through its CSRF Token
Overview Litestar instances which use a template engine in conjunction with CSRF protection are vulnerable to HTML Injection which can be escalated to Cross Site Scripting due to the contents of the CSRF cookie being excluded from automatic escaping by the template engine when configured inline...
moodle -- Login CSRF vulnerability
moodle reports: The login form is not protected by a token to prevent login cross-site request forgery...