DerScanner
Home / Vulnerability Database / TypeScript : Cross-site request forgery (CSRF)
TypeScript

TypeScript : Cross-site request forgery (CSRF)

Classification

OWASP Top 10 2013
A8-Cross-Site Request Forgery (CSRF)
OWASP Top 10 2021
A8-Software and Data Integrity Failures
OWASP ASVS
Validation, Sanitization and EncodingAccess Control
PCI DSS 4.0
6.2.48.2.811.6.1
CWE
CWE-345CWE-352CWE-1034
CWE/SANS Top 25 2011
CWE-352
CWE/SANS Top 25 2021
CWE-352

Overview

Cross Site Request Forgery (CSRF) is possible. HTTP-request must contain a unique user secret parameter.

For example, if the application uses session cookies and does not require explicit user confirmation of a request that does not change the status of the application, an attacker can execute illegitimate requests on behalf of the victim.

References

  1. OWASP Top 10 2013-A8-Cross-Site Request Forgery (CSRF)
  2. CWE-352: Cross-Site Request Forgery (CSRF)
  3. CWE-1034
LOW

DerScanner Severity Score

Do you want to fix TypeScript : Cross-site request forgery (CSRF) in your application?

See also

TypeScript

TypeScript : Unsafe Azure access control

TypeScript

TypeScript : Debug code

TypeScript

TypeScript : XSS protection is disabled