Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Valid

Reported on

Oct 7th 2021

Description

Hello,

there is another CSRF vulnerability on your nice application on the following endpoint.

/sales/delete_item/{sale_id}

We have contacted a member of the opensourcepos team and are waiting to hear back 2 years ago

amammad modified the report

2 years ago

amammad modified the report

2 years ago

jekkos validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

jekkos

commented 2 years ago

Maintainer

I think this should be blocked on the dev server now no?

amammad

commented 2 years ago

Researcher

Hey Jekkos,

I will look at this ASAP

jekkos marked this as fixed with commit 3ac43c 2 years ago

jekkos has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation

We have contacted a member of the opensourcepos team and are waiting to hear back 2 years ago

amammad modified the report

2 years ago

amammad modified the report

2 years ago

jekkos validated this vulnerability 2 years ago

amammad has been awarded the disclosure bounty

The fix bounty is now up for grabs

jekkos

commented 2 years ago

Maintainer

I think this should be blocked on the dev server now no?

amammad

commented 2 years ago

Researcher

Hey Jekkos,

I will look at this ASAP

jekkos marked this as fixed with commit 3ac43c 2 years ago

jekkos has been awarded the fix bounty

This vulnerability will not receive a CVE

to join this conversation