Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Valid

Reported on Oct 7th 2021

Description

Hello,

There is another CSRF vulnerability in your nice application on the following endpoint:

/sales/delete_item/{sale_id}
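The endpoint named in the report is a state-changing action that nothing ties to a form the user actually submitted, which is what lets a cross-site page trigger it with the victim's session cookie. The following added example is not OpenSourcePOS code and is not the fix later merged in 3ac43c; it places the reported pattern beside a synchronizer-token version in plain Python. The request and session dictionaries, the sample sales table, the handler names and the `csrf_token` field name are constructed assumptions for illustration.

```python
"""Synchronizer-token CSRF check for a state-changing delete endpoint.

Added example, not OpenSourcePOS code: only the route name and the idea of
a sale id come from the report. The session/request shapes, the sample
data, the `csrf_token` field name and both handlers are assumptions.
"""
import hmac
import secrets

# Constructed sample data standing in for the POS database.
SALES = {41: "sale 41", 42: "sale 42"}


def delete_item_vulnerable(request, sales):
    """The reported pattern: any request to /sales/delete_item/{sale_id}
    deletes the sale. Nothing proves the user deliberately submitted it,
    so a page on another origin can trigger it with the victim's cookies."""
    sale_id = request["sale_id"]
    if sale_id in sales:
        del sales[sale_id]
        return 200, "deleted"
    return 404, "not found"


def issue_csrf_token(session):
    """Mint a per-session token and keep it server-side; the page that
    renders the delete button embeds the same value in a hidden field."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def delete_item_hardened(request, session, sales):
    """Same endpoint with the synchronizer-token pattern applied."""
    # State-changing actions must not be reachable by GET: a plain link
    # or <img src> could otherwise trigger them without any form at all.
    if request["method"] != "POST":
        return 405, "method not allowed"
    expected = session.get("csrf_token")
    supplied = request.get("form", {}).get("csrf_token")
    # Constant-time compare; a missing or stale token fails closed.
    if not expected or not supplied or not hmac.compare_digest(expected, supplied):
        return 403, "invalid CSRF token"
    sale_id = request["sale_id"]
    if sale_id in sales:
        del sales[sale_id]
        return 200, "deleted"
    return 404, "not found"


def demo():
    """Send a constructed cross-site request to both handlers and return
    the HTTP status each one produces."""
    forged = {"method": "POST", "sale_id": 42, "form": {}}  # no token: cross-site
    session = {}
    token = issue_csrf_token(session)
    legit = {"method": "POST", "sale_id": 42, "form": {"csrf_token": token}}
    via_get = {"method": "GET", "sale_id": 42, "form": {"csrf_token": token}}
    return {
        "vulnerable": delete_item_vulnerable(forged, dict(SALES))[0],
        "hardened_forged": delete_item_hardened(forged, session, dict(SALES))[0],
        "hardened_get": delete_item_hardened(via_get, session, dict(SALES))[0],
        "hardened_legit": delete_item_hardened(legit, session, dict(SALES))[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: HTTP {status}")
```

The token is compared with `hmac.compare_digest` and the check runs before any database access, so a request that lacks the token, carries a stale one, or arrives by GET never reaches the delete. In a real application the token would come from the framework's CSRF filter rather than a hand-rolled dictionary, but the shape of the check is the same.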

We have contacted a member of the opensourcepos team and are waiting to hear back 2 months ago
amammad modified their report 2 months ago
jekkos validated this vulnerability 2 months ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
jekkos (Maintainer), 2 months ago:

I think this should be blocked on the dev server now, no?

amammad (Researcher), 2 months ago:

Hey Jekkos,

I will look at this ASAP.

jekkos confirmed that a fix has been merged on 3ac43c a month ago
jekkos has been awarded the fix bounty