Lucene search

5 matches found

Hacker One
added 2016/06/01 9:47 p.m., 66 views

Urban Dictionary: Infinite Upvoting/Downvoting: Lockout Bypass, Plus: Exposed API Documentation

By sending an extra parameter kind=1 in the upvote/downvote API request, a user can vote as many times as he wants without any IP address restriction:
http://api.urbandictionary.com/v0/vote?kind=1&direction=up&defid=94413
Seems harmless enough, but your site does depend on the accuracy of the...

AI score: 0.3
Exploits: 0

Atlassian
added 2014/05/26 10:37 a.m., 19 views

Multiple CSRF vulnerabilities in Question/Answer Threads

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/CONFCLOUD-47240). Multiple CSRF vulnerabilities exist on answers.atlassian.com where an attacker can potentially perform actions such...

AI score: 1.2
Exploits: 0

Atlassian
added 2014/05/26 10:37 a.m., 18 views

Multiple CSRF vulnerabilities in Question/Answer Threads

Multiple CSRF vulnerabilities exist on answers.atlassian.com where an attacker can potentially perform actions such as the following, if the victim visits the attacker's malicious resource:
Confirmed affected:
- Upvoting of answers
- Downvoting of answers
- Deletion of answers or comments
- Liking...

AI score: 1.4
Exploits: 0
Affected Software: 1

Atlassian
added 2014/05/26 10:37 a.m., 19 views

Multiple CSRF vulnerabilities in Question/Answer Threads

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report (http://jira.atlassian.com/browse/CONFCLOUD-47240). Multiple CSRF vulnerabilities exist on answers.atlassian.com where an attacker can potentially perform actions such...

AI score: 1.2
Exploits: 0
Affected Software: 1

Atlassian
added 2014/05/26 10:37 a.m., 19 views

Multiple CSRF vulnerabilities in Question/Answer Threads

NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report (http://jira.atlassian.com/browse/CONFSERVER-47240). Multiple CSRF vulnerabilities exist on answers.atlassian.com where an attacker can potentially perform actions suc...

AI score: 1.2
Exploits: 0
Affected Software: 1