Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management
feature in the gym/views/gym.py
, templates/gym/reset_user_password.html
, templates/user/overview.html
, core/views/user.py
, and templates/user/preferences.html
, core/forms.py
components.
{ "github_reviewed": true, "severity": "HIGH", "nvd_published_at": "2023-08-08T16:15:12Z", "github_reviewed_at": "2023-08-17T19:08:14Z", "cwe_ids": [ "CWE-352" ] }