HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. Referenceshttps://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0101037
