ssddanbrown/bookstack is vulnerable to cross-site request forgery attacks. The library does not properly validate the user login flow after the email confirmation, allowing an attacker to duplicate the username and gain access to the account when user click the confirmation link.