What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven usermaven allows Cross Site Request Forgery. This issue affects Usermaven: from n/a through <= 1.2.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Usermaven versions up to 1.2.1 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unwanted actions on behalf of a logged-in user. The vulnerability requires the victim to visit a malicious webpage while authenticated to Usermaven. An attacker can modify user settings or data, but cannot read sensitive information. Update to version 1.2.2 or later.
What an attacker can do
Perform unwanted actions (like changing settings) on behalf of a logged-in Usermaven user.
Potential impact on your site
Users' Usermaven settings or data could be modified without their knowledge if they visit a malicious link while logged in.
Conditions required to exploit
Victim must be logged into Usermaven and visit an attacker-controlled webpage.