; path=/balerocms/"; csrf+stored xss+filter bypass+session hijack: