Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

These have been fixed.
ridera

I'm not really concerned about the "old" reports. I just asked:

"I assume the old report was false or you've fixed it. Would you comment on this to ease my concern."

However, per your request, just to cite a handful. Google "cross site request forgery winscp" and dozens show up:
<invalid hyperlink removed by admin>
<invalid hyperlink removed by admin>
<invalid hyperlink removed by admin>
<invalid hyperlink removed by admin>

etc.
martin

Re: Cross-site request forgery CSRF

Please post a reference to the report.
ridera

Cross-site request forgery CSRF

I found WinSCP was vulnerable to CSRF in a report several years old.

But, I can't find a ref to it on your site.

I assume the old report was false or you've fixed it.

Would you comment on this to ease my concern.

Great product, use it all the time.