CVE-2018-6888
CVE-2018-6888 describes a CSRF flaw in Typesetter 5.1, affecting the Admin/Users (User Permissions) page. The underlying issue is lack of an anti-CSRF token, allowing forged requests to create/delete/modify user accounts without user consent. Public documentation in the connected sources confirms...