LocalTapiola: CSRF bypass + XSS on verkkopalvelu.tapiola.fi
Issue
The reporter found an issue in verkkopalvelu.tapiola.fi which led to XSS and CSRF. The issue triggered only on IE, due to the CORS implementation. To trigger the issue, however, one needed to have a correct viewstate, which in essence required manual manipulation. This made a potential attack mor...