An issue exists in Joomla! prior to 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
joomla joomla\\!