The “Login/logout CSRF: Time to reconsider?” blog post by Mathias Karlsson (@avlidienbrunn) is a great resource that shows why CSRF in logout/login can sometimes be considered an impactful security issue and how it can be abused. In Mathias’ blog post, unauthenticated XSS can also be exploited similarly to the self-XSS issue but it is […]