Crossite request forgery to embedded web server is possible.
vulners.com/securityvulns/securityvulns:doc:19993
vulners.com/securityvulns/securityvulns:doc:19994