This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests are now tracked at the
issue tracker at Github
FS#2488 Bugtraq report of XSRF on add user
Add User appears to be vulnerable to Cross Site Request Forgery (CSRF/XSRF) [not verified].
This is actually the same as
, the exploit code simply uses the XSS hole to extract a valid CSRF token.
FS#2487 Bugtraq report of XSS in edit page "target" parameter