Security Alert: Cross Domain Referer Leakage via Social Follow Us Links

system · September 19, 2023, 8:03am

Originally published at: Security Alert: Cross Domain Referer Leakage via Social Follow Us Links - Open edX

Security Alert Severity: High Category: Cross Domain Referer Leakage Affected Projects: edx-platform Reporter: Smit B. Shah & Nikhil Srivastava from Techdefence Labs Permanent URL: https://openedx.org/CVE-2015-2286 On January 11, 2015 a security vulnerability was reported by Smit B. Shah and Nikhil Srivastava that caused password reset tokens to be forwarded to third-party social networks in the…

Topic		Replies	Views
Security: patch for password reset Security	0	583	October 7, 2020
Deprecation/Removal: Csrf CrossDomainCookieMiddleware (DEPR-165) Deprecation	3	467	September 9, 2021
Security: Patch for disable user refreshable JWT token vulnerability Security	1	232	December 12, 2022
Security: Patch for XSS and Open Redirect Vulnerability Security	0	366	November 23, 2022
Security: Patch for open redirect in inactive_user_view Security	0	341	April 8, 2022

Security Alert: Cross Domain Referer Leakage via Social Follow Us Links

Related Topics