What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor richtexteditor allows Stored XSS. This issue affects Rich Text Editor: from n/a through <= 1.0.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Rich Text Editor versions 1.0.1 and earlier are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in user, performs unwanted actions within the editor without the user's knowledge. The attack requires user interaction (visiting the malicious page) and can affect confidentiality, integrity, and availability of the editor's functionality.
What an attacker can do
Perform unwanted actions in the Rich Text Editor on behalf of a logged-in user without their consent.
Potential impact on your site
Users' editor actions can be hijacked to modify content, change settings, or perform other unintended operations.
Conditions required to exploit
User must visit an attacker-controlled webpage while logged into a site using the vulnerable editor.