OAuth2 Client- Moderately Critical - Cross Site Request Forgery - SA-CONTRIB-2016-044
This module provides an OAuth2 client. The module does not check the validity of the state parameter, during server-side flow, before getting a token. This may allow a malicious user to feed a fake accesstoken to another user, and subsequently provide him fake data from the server. This page...