Cross site request forgery
Hiro
Team Summary
Official summary from Hiro
An e-mail signup form does not check CSRF tokens. This would allow the creation of clickable links which perform an e-mail signup. Because the e-mail signup form does not pass any sensitive information, nor perform any state changes on behalf of a user, this is not a vector for attack.
Reported by
firestone
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Weakness
Cross-Site Request Forgery (CSRF)