CVE-2023-38759 Information

Description

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py templates/gym/reset_user_password.html templates/user/overview.html core/views/user.py and templates/user/preferences.html core/forms.py components.

Reference

https://github.com/0x72303074/CVE-Disclosures https://wger.de