IBM OmniFind - Cross-Site Request Forgery
IBM OmniFind - Cross-Site Request Forgery The forms in the administrator interface are not protected against XSRF. The attacker can do any action in the context of the victim. An example attack scenario could be: The attacker creates a malicious website with a prepared form to add a new user, whi...