Hi,

While checking the application security, we have found that the POST Servlet is exposed, which allows an anonymous user to add a jcr:node:

POST /.json;%0AKPI.css HTTP/2
Host: <domain>
User-Agent: curl/7.30.0
Accept-Encoding: gzip, deflate
Accept: */*
Content-Type: application/x-www-form-urlencoded
Re...
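For reviewing web or dispatcher access logs for requests shaped like the one quoted above (a write method, a `;` path parameter, an encoded line feed and a trailing static-file extension that differs from the one before the `;`), here is an added detection example that is not part of the original post. The combined log format, the static-extension list and all sample lines except the first request target are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
STATIC_EXT = {"css", "js", "png", "gif", "jpg", "ico", "svg"}  # assumed list
WRITE_METHODS = {"POST", "PUT", "DELETE"}

# Constructed sample lines; only the first request target is taken from the post.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "POST /.json;%0AKPI.css HTTP/2.0" 200 57',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /etc/clientlibs/site.css HTTP/1.1" 200 1024',
    '198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "POST /content/site/form.html HTTP/1.1" 302 0',
    '198.51.100.4 - - [01/Jan/2024:10:00:12 +0000] "GET /content/page.json;%0aa.css HTTP/1.1" 404 0',
]


def _ext(segment):
    """Lower-cased extension of the last path segment, or '' if there is none."""
    name = segment.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def classify(target):
    """Return the reasons a request target resembles the one in the post."""
    decoded = unquote(target.split("?", 1)[0])  # ignore the query string
    reasons = []
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        reasons.append("encoded-control-char")
    if ";" in decoded:
        head, tail = decoded.split(";", 1)
        reasons.append("path-parameter")
        # A static suffix after ';' that disagrees with the real extension.
        if _ext(tail) in STATIC_EXT and _ext(head) != _ext(tail):
            reasons.append("extension-mismatch")
    return reasons


def scan(lines):
    """Return (method, target, reasons) for every suspicious log line."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reasons = classify(m["target"])
        if reasons and m["method"] in WRITE_METHODS:
            reasons.append("write-method")
        if reasons:
            findings.append((m["method"], m["target"], reasons))
    return findings
```

Findings tagged `write-method` are the ones to triage first, since they match the node-creating POST described in the post.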