NiceHash Miner Excavator 1.6.7c Cross Site Request Forgery

Posted on 19 May 2021

NiceHash Miner Excavator versions 1.6.7c and below suffer from a cross site request forgery vulnerability. The issue enables any external web site to send commands to the local miner instance, and to redirect the mined coins to an arbitrary mining address.