What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS. This issue affects PayPal Responder: from n/a through 1.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
PayPal Responder versions up to 1.2 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. An attacker can craft a malicious link or page that, when visited by a logged-in user, triggers unwanted requests to the application. The vulnerability affects confidentiality, integrity, and availability with low impact.
What an attacker can do
Trick a logged-in user into performing unwanted actions on the site via a malicious link or page.
Potential impact on your site
Attackers can manipulate user actions without consent, potentially affecting data integrity and user trust.
Conditions required to exploit
User must be logged in and visit an attacker-controlled page or click a malicious link.