There is two CSRF vulnerability that can add the Tag account
After the administrator logged in,open the following one page.
The rich text editor can use the iframe tag to embed an out-of-chain page. You can use this feature to complete operations such as worms or black hat SEO.A rich text editor can be used to embed an iframe and a remotely connected poc page is automatically refreshed for 0.1 seconds, causing a server DoS attack. You can resume access only by closing the page and restarting apache/nginx.Poc has been written automatically refresh and auto-commit, set mate time, you can see the effect of DoS