Cross-site request forgery (CSRF) vulnerability in a DoD website

Low
U.S. Dept Of Defense
Submitted None

Team Summary

Official summary from U.S. Dept Of Defense

A cross-site request forgery (CSRF) vulnerability was found on a Department of Defense website which could trick a web user into posting or changing confidential information, or redirecting sensitive information to the malicious user. @mantis was able to demonstrate this vulnerability by crafting a specially formatted webpage. Thanks @mantis!

Reported by mantis

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Cross-site Scripting (XSS) - Generic