2 matches found
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via a request to Users/add...
CVE-2014-2989
CVE-2014-2989 concerns Open Assessment Technologies TAO 2.5.6. The vulnerability is a CSRF flaw in TAO/Users/add that allows an attacker to hijack an administrator’s session and create new administrative accounts due to insufficient origin verification. Exploitation details appear in advisories (...