Stripo Inc: No CSRF Protection in Resend Confirmation Email feature leads to Sending Unwanted Email in Victim's Inbox without knowing Victim's email address
Summary: There's no CSRF protection in confirmation email resending feature as a result of which an attacker can trick the victim to receive a confirmation email unknowingly. In other features of the website, the content-type must be "application/json", and there is same-origin policy, which...