What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in karrikas banner-manager banner-manager allows Stored XSS. This issue affects banner-manager: from n/a through <= 16.04.19.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Banner Manager versions up to 16.04.19 contain a cross-site request forgery (CSRF) vulnerability that lets an attacker perform unauthorized actions on behalf of an authenticated user. Exploitation requires user interaction: the victim must click a malicious link or visit a page the attacker controls while logged in. Through the forged request an attacker can modify banner settings, delete banners, or alter site configuration without the user's knowledge or consent, and, because the plugin stores the submitted banner content, the same flaw allows stored XSS.
What an attacker can do
Perform unauthorized actions (modify, delete, or create banners) on behalf of a logged-in site administrator.
Potential impact on your site
Banners can be modified, deleted, or created without your authorization, potentially defacing your site or injecting malicious content.
Conditions required to exploit
An authenticated site administrator must visit a page controlled by the attacker or click a malicious link while logged in.