jeesite 安全漏洞

Zhuo source software Jeesite is China's Zhuo source software company of a set of open source Java EE enterprise-class rapid development platform . The platform includes system permissions components, data permissions components, data dictionary components, core tools components, view manipulation...

Cross-Site Request Forgery (CSRF) in pimcore/pimcore

✍️ Description Your application have not any CSRF protection and also You set the SameSite attribute to Lax, this means if you want to alter some data with GET HTTP requests, then your site should be vulnerable to CSRF attacks with no doubt. First you run this Html payload and then you should see...