I agree with Jeremy. Worst case impact based on description seems like creating a lot of key-pairs and annoying the user.
That being said, it's valid CSRF and should be fixed, albeit in the open.
I agree with Jeremy. Worst case impact based on description seems like creating a lot of key-pairs and annoying the user.
That being said, it's valid CSRF and should be fixed, albeit in the open.