Stuart Jamieson

**Name of the Vulnerable Software and Affected Versions** FuseTalk version 2.0 **Description** A Cross-Site Request Forgery (CSRF) issue allows remote attackers to create arbitrary accounts via a link to "adduser.cfm". **Recommendations** For FuseTalk version 2.0, consider disabling the account creation functionality until a patch is available. Restrict access to the "adduser.cfm" endpoint to minimize the risk of exploitation.