You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by "Maxim Solodovnik (JIRA)" <ji...@apache.org> on 2014/05/14 05:33:20 UTC
[jira] [Resolved] (OPENMEETINGS-947) Cross-Site Request Forgery
[ https://issues.apache.org/jira/browse/OPENMEETINGS-947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maxim Solodovnik resolved OPENMEETINGS-947.
-------------------------------------------
Resolution: Invalid
Assignee: Maxim Solodovnik
It seem like this issue was filed to the wrong project
> Cross-Site Request Forgery
> --------------------------
>
> Key: OPENMEETINGS-947
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-947
> Project: Openmeetings
> Issue Type: Test
> Environment: Windows 8
> Reporter: Kriti Gupta
> Assignee: Maxim Solodovnik
> Priority: Critical
> Labels: security
>
> A cross-site request forgery (CSRF) vulnerability occurs when:
> 1. A Web application uses session cookies.
> 2. The application acts on an HTTP request without verifying that the request was made with the user's consent.
> In this case the application generates HTTP request via a form post at Check.jsp line 16.
--
This message was sent by Atlassian JIRA
(v6.2#6252)