Summary by Arrow Electronics VDP
A CSRF vulnerability on Name section leads to change in the account name of the victim. An attacker could change victim name without authentication by exploiting this vulnerability on https://www.verical.com.
A CSRF vulnerability on Name section leads to change in the account name of the victim. An attacker could change victim name without authentication by exploiting this vulnerability on https://www.verical.com.
This vulnerability allowed me to fully change to victim profile settings.
As report is fully disclosed, I believe there is no need of brief summary :)
Regards
Arth Bajpai