GHSA-4J3W-G62X-HRCP Plone Cross-site request forgery (CSRF)
Multiple cross-site request forgery CSRF vulnerabilities in Plone CMS before 3.1 allow remote attackers to 1 add arbitrary accounts via the joinform page and 2 change the privileges of arbitrary groups via the prefsgroupsoverview page...