Vulnerability in EPiServer.Forms
Doesn't check the language settings. I also had to check:
Is this by design?
Why is not the language settings evaluated in QueryDistinctAccess()?
QueryEditAccessRights() was added in a hotfix (?), why was not this fixed in the QueryDistincAccess instead?