CSRF ON EDITING NAME (OPTIONAL)
None
## Vulnerability Details
Allows an attacker to change one's account information, in this case the information from "Name (Optional)". Attackers can change the information without having to log in to the victim's account, or without having to log in, but only by using a CSRF technique. I tried changing the "Name (Optional)" information to "YOU HAVE BEEN HACKED".
For the reproduction steps, I attach the URL https://www.youtube.com/watch?v=aDMd5cjAHZI
Potential URL with CSRF attack: https://liberapay.com/talaohu28/edit/username
Regards,
LahatalePutih
## Impact
Change other people's information without having to log in
Report Stats
- Report ID: 361184
- State: Closed
- Substate: informative
- Upvotes: 3