Details
- Type: Bug
- Resolution: Fixed
- Priority: Major
- Version: 2.0 M2
Description
Steps to reproduce:
- Go to <server>/xwiki/bin/view/Main/?xpage=documentTags&xaction=add&ajax=true&tag=foo
- Go to <server>/xwiki/bin/view/Main/?xpage=documentTags&xaction=delete&ajax=true&tag=foo
Expected results:
- A CSRF token validation failure error is displayed (or some other more generic error).
Actual results:
- The tag is added to/deleted from the page.
Note that for adding tags, the CSRF token is actually included in the form but it is not validated on the server.
I have reproduced this issue on 2.6 (and a recent development version) but I think even older versions should be vulnerable.
Issue Links
- is duplicated by: XWIKI-19602 "Vulnerability in the XWiki" (Closed)