We've recently had our website scanned for security vulnerabilities by an external vendor - though they came back with all kinds of things, one of them was a Cross-Site Request Forgery that they tied back to CuteSoft_Client/CuteEditor/Load.ashx. Effectively, they were saying that this page could be leveraged to call and execute arbitrary ...