Mail.ru: CSRF на лайк к отзыву (Pandao)

CSRF vulnerability in pandao.ru allowed to force user to "like" the user's comment. On the time of reportting, clientside vulnerabilities in pandao.ru are not covered by bug bounty program...