What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery. This issue affects Brizy Pro: from n/a through 2.6.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Brizy Pro versions up to 2.6.1 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unwanted actions on behalf of an authenticated user. The vulnerability requires the user to visit a malicious page while logged into Brizy Pro. An attacker can modify site content or settings without the user's knowledge, but cannot read sensitive data.
What an attacker can do
Perform actions on the site (modify content, change settings) on behalf of a logged-in user without their consent.
Potential impact on your site
An attacker can trick your users into modifying site content or settings through a malicious link or page.
Conditions required to exploit
The site admin or editor must be logged into Brizy Pro and visit a page controlled by the attacker.