CSRF in Realms Wiki

Posted by Javantea on Mar 25

CSRF in Realms Wiki
Vulnerability Report
Mar 19, 2015

Product: Realms Wiki
Website: http://realms.io/
Github: https://github.com/scragg0x/realms-wiki
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)

Realms Wiki is vulnerable to Cross-Site Request Forgery on all posts. Especially of concern are New, Edit, and Revert.
If Realms Wiki had significant authentication mechanisms such as site administration, user administration, and so
forth, these…
