Team Password Manager (aka TeamPasswordManager) prior to 10.135.236 has a CSRF vulnerability during import.
teampasswordmanager team password manager