Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-editionValid
Nov 16th 2021
CSRF to delete chat messages
<a href="http://[UNIT3D-URL]/api/chat/message/[MESSAGE_ID]/delete">CLICK ME!</a>
This vulnerability is capable of tricking users to delete messages. This is probably the last state-changing endpoint in your application which is unprotected from CSRF.