What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Stylemix Pearl pearl-header-builder allows Cross-Site Request Forgery. This issue affects Pearl: from n/a through <= 1.3.9.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Pearl by Stylemix contains a cross-site request forgery (CSRF) vulnerability in versions up to 1.3.9. An attacker can craft a malicious webpage that, when visited by a logged-in user, performs unwanted actions on their behalf. The vulnerability requires user interaction—the victim must visit the attacker's page while authenticated to Pearl. Integrity of data or settings may be compromised.
What an attacker can do
Trick a logged-in user into performing unwanted actions on the site (change settings, modify content, etc.).
Potential impact on your site
Users' accounts can be manipulated to perform actions without their knowledge if they visit malicious links while logged in.
Conditions required to exploit
Victim must be logged into Pearl and visit an attacker-controlled webpage.