AI Score confidence: Low
EPSS percentile: 45.4%
Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request.
github.com/Kotti/Kotti/issues/551