CSRF in Account Deletion feature (https://www.flickr.com/account/delete)
High
Flickr
Team Summary
Official summary from Flickr
CSRF was missing in Account Deletion form due to switching login providers. @asad0x01_ found the vulnerability and reported it concisely, even with a video POC. The issue was fixed within 60 days, but we were slow to resolve the ticket and disclose.
Reported by
asad0x01_
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-Site Request Forgery (CSRF)