Cross-Site Request Forgery (CSRF)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-352: Cross-Site Request Forgery (CSRF) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
This view has CSRF protection enabled but is configured to skip the origin check, which weakens its defense against cross-site request forgery attacks. Disabling origin checks can allow unauthorized requests from malicious sites.
Impact#
If exploited, an attacker could trick users into performing sensitive actions on your site without their consent, potentially leading to data theft, account compromise, or unauthorized changes. This undermines trust and may expose critical user or organizational data.