CVE-2017-16756
CVE-2017-16756 affects Userscape HelpSpot before 4.7.2. A CSRF weakness on POST requests to index.php?pg=password.change allows an attacker to change another user’s password. Impact: credential change without authorization. Remediation: upgrade to HelpSpot 4.7.2 or later (per cited disclosures). ...