admin/dev/usermacros.jsp lacks an XSRF token to add and remove user macros from Confluence.

admin/dev/usermacros.jsp does not require a csrf token to add and remove user macros from Confluence. This could allow an attacker to introduce a malicious user macro with 'bad' html and or javascript into a confluence instance through a csrf attack on an admin user...