A cross-site request forgery (CSRF) vulnerability occurs when:

- A Web application uses session cookies.
- The application acts on an HTTP request without verifying that the request was made with the user's consent.

There are 5 cases of CSRF in ui-grid.
The application generates an HTTP request via a form post at fileChooserEditor.html line 2.
PoC:
The form post at index.html line 124 and line 149 must contain a user-specific secret in order to prevent an attacker from making unauthorized requests.
The application generates an HTTP request via a form post at dropdownEditor.html line 2.
PoC:
```html
<div>
  <form
    name="inputForm">
    <select
      ng-class="'colt' + col.uid"
      ui-grid-edit-dropdown
      ng-model="MODEL_COL_FIELD"
      ng-options="field[editDropdownIdLabel] as field[editDropdownValueLabel] CUSTOM_FILTERS for field in editDropdownOptionsArray">
    </select>
  </form>
</div>
```
The form post at dropdownEditor.html line 2 must contain a user-specific secret in order to prevent an attacker from making unauthorized requests.
If you'd like to communicate with the original discloser of this security issue, or ensure he is rewarded for his research, simply let me know which GitHub users you wish to be authorised to visit the report pages below, and I'll get it sorted for you.
Hey Guys, I am the original discloser of these security issues. Please advise or give me an update on this. It would be great help and confidence booster for my work.
Description
A cross-site request forgery (CSRF) vulnerability occurs when:

- A Web application uses session cookies.
- The application acts on an HTTP request without verifying that the request was made with the user's consent.

There are 5 cases of CSRF in ui-grid.
PoC:
The form post at fileChooserEditor.html line 2 must contain a user-specific secret in order to prevent an attacker from making unauthorized requests.
Location:
ui-grid/packages/edit/src/templates/fileChooserEditor.html
Lines 1 to 12 in 4aa2cc5
PoC (L124):
PoC (L149):
The form post at index.html line 124 and line 149 must contain a user-specific secret in order to prevent an attacker from making unauthorized requests.
Location (124-128):
ui-grid/misc/site/customizer/index.html
Lines 124 to 128 in 4aa2cc5
Location (149-152):
ui-grid/misc/site/customizer/index.html
Lines 149 to 152 in 4aa2cc5
PoC:
The form post at importerMenuItem.html line 3 must contain a user-specific secret in order to prevent an attacker from making unauthorized requests.
Location:
ui-grid/packages/importer/src/templates/importerMenuItem.html
Lines 1 to 10 in 4aa2cc5
PoC:
The form post at dropdownEditor.html line 2 must contain a user-specific secret in order to prevent an attacker from making unauthorized requests.
Location:
ui-grid/packages/edit/src/templates/dropdownEditor.html
Lines 1 to 11 in 4aa2cc5
PoC:
The form post at cellEditor.html line 2 must contain a user-specific secret in order to prevent an attacker from making unauthorized requests.
Location:
ui-grid/packages/edit/src/templates/cellEditor.html
Lines 1 to 10 in 4aa2cc5