ownCloud: owncloud.com: Allowed an attacker to force a user to change profile details. (XCSRF)

Allowed an attacker to force a user to change profile details. XCSRF A CSRF attack would not be prevented by this countermeasure because the attacker forges a request through the user's web browser in which a valid session already exists. There is no mitigation of Cross-Site Request Forgery XCSRF...