Cross-Site Request Forgery (CSRF)

github.com/casdoor/casdoor is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in the SetPassword function at user.go due to a lack of CSRF token, which allows an attacker to change a users password...