EPSS: 0.001 (Low)
EPSS percentile: 43.6%
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
github.com/advisories/GHSA-3hq4-f2v6-q338
github.com/Kotti/Kotti/issues/551