Web@All version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.