CVE-2018-6888

Name of the Vulnerable Software and Affected Versions Typesetter version 5.1

Description A critical issue was discovered where the User Permissions page, also known as Admin/Users, is affected by a Cross Site Request Forgery flaw. This allows a malicious user to trick another user into unknowingly creating, deleting, or modifying a user account due to the absence of an anti-CSRF token.

Recommendations For Typesetter version 5.1, consider implementing an anti-CSRF token on the User Permissions page to prevent Cross Site Request Forgery attacks. As a temporary workaround, restrict access to the Admin/Users page to minimize the risk of exploitation.