## Summary: Hi :) There is a CSRF on creating bookmarks form. ## Steps To Reproduce: There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action. I added the poc html file below. When someone opens this html file, or we can add it into our website, he/she creates a bookmark unwillingly. ## Impact An attacker can force other users to create a bookmark without their knowledge.

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Cross-Site Request Forgery (CSRF)