#2889 – 
Bug report

The HTML parameters associated with the create, modify, and delete items functionalities are not properly validated for user input and can be exploited to carry out a cross-site request forgery (XSRF) attack. As a result, an attacker can send a request to add a saved search to users, embedding malicious code which will be stored in the database.

How to reproduce
Important details
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Times and dates
  • Estimated time No time estimated
People involved
Other details
  • Not determined