Description
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
Remediation
References
Related Vulnerabilities
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4076)
WordPress Plugin Author Periodic Report Cross-Site Scripting (1.0)
WordPress Plugin Chat-Support Board-WordPress Chat Cross-Site Scripting (3.3.4)
WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.5.0)
WordPress Plugin Xerte Online 'save.php' Arbitrary File Upload (0.32)