2 matches found
Cross-Site Request Forgery (CSRF)
rdiffweb is vulnerable to cross-site request forgery. The vulnerability exists because the renderprefspanel function in prefnotification.py does not properly handle the passwordform and profileform attributes, allowing an attacker to change the email ID of the user by redirecting to the malicious...
Cross-site Request Forgery (CSRF)
rdiffweb is vulnerable to cross-site request forgery. The vulnerability exists in the renderprefspanel function in prefnotification.py because the server accepts the GET request that is sent to modify repository notification settings, which allows an attacker to disable the notifications sent to user...