EPSS: 0.001 (Low), percentile 43.6%
Kotti is vulnerable to cross-site request forgery (CSRF) attacks. The vulnerability is in the assignment of local roles: a request to the /admin-document/@@share view can change permissions.
github.com/Kotti/Kotti/commit/00b56681fa9fb8587869a5e00dcd56503081d3b9
github.com/Kotti/Kotti/commit/69d3c8a5d7203ddaec5ced5901acf87baddd76be
github.com/Kotti/Kotti/issues/551