drupal is vulnerable to cross-site request forgery. Lack of secure validation of access to routes allows an attacker to perform cross-site request forgery under some circumstances. It affects the application if the QuickEdit module (which comes with the Standard profile) is installed.