Cross-Site Request Forgery (CSRF) in emoncms/dashboard
Jul 22nd 2021
csrf bug to change email
💥 STEP TO REPRODUCE
- First login into your account and open the link
http://localhost/emoncms/user/changeemail.json?&email=admin%40localhost.combmand your email will be changed.
Any attacker can send those link to vicitm and when vicitm open the link then email will be changed