No CSRF protection for any request

# Summary

The application has no CSRF protection, allowing attackers to leverage CSRF to launch various attacks against admin users. Particularly when combined with XSS vulnerabilities, this would enable attackers to target both frontend users and admin users.

# POC

<img width="1242" height="732" alt="Image" src="https://github.com/user-attachments/assets/9119cc35-2070-4524-9a4f-d4b8483f2f23" />

<img width="1884" height="300" alt="Image" src="https://github.com/user-attachments/assets/8069e068-af88-41f4-ac40-0833d8c05950" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

No CSRF protection for any request #145

Summary

POC

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

No CSRF protection for any request #145

Description

Summary

POC

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions