The Plone CMS is susceptible to cross site request forgery attacks and suffers from other vulnerabilities such as credentials being stored in cookies, a lack of authentication state on the server side, and session cookies never changing.
9fa210737534dab70aad652659316b887c987b046c5b5aec3193ff894d27743d