The tested web application perfact::mpa offers no protection against cross-site request forgery (CSRF) attacks. This kind of attack forces end users respectively their web browsers to perform unwanted actions in a web application context in which they are currently authenticated.
2b1425b7f0db4e14f7b33d9778f0a59b7e1c1b93b42771c51ac1b69ae8116af3