Hacktivity from putsi
https://hackerone.com/reports/129002
The PdfServlet-functionality used by the "Tee vakuutustodistus" allows injection of custom PDF-content via CSRF-attack
https://hackerone.com/reports/129002