HTML Logo by World Wide Web Consortium ( Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.

Security fix for CSRF vulnerability - Comments

Login / Search

 [ Join | More ]

Security fix for CSRF vulnerability

Posted 12 November 2015, 6:01 PM
There is a CSRF vulnerability for ocPortal. The vulnerability bypasses our referrer checks for checking forms posted to the system. It allows malicious third party websites to trick administrators into submitting coded forms (i.e. coded actions) into the system.

The vulnerability only happens in very particular circumstances, which we are not currently disclosing.

Read more

1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: