CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17590
https://notcve.org/view.php?id=CVE-2019-17590
The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineering, enticing them to click the link. Once the user/victim clicks the "try again" button, the attacker can take over the account and perform unintended actions on the victim's behalf. NOTE: A third-party maintainer has stated that this CVE is a false report. They state that the csrf_callback function is actually a callback function to the callers own handler for output. • https://pastebin.com/01tDgq7u • CWE-352: Cross-Site Request Forgery (CSRF) •