The HTML parameters associated with the create, modify, and delete items functionalities are not properly validated for the user input and can be exploited for carrying out a cross-site request forgery (XSRF) attack. As a result, an attacker can send a request to report a “Bug”, “Improvement Request”, “Task” or “Feature Request”, embedding malicious code which will be stored in the database, and attaching executable files or XSS via files.