What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in dimafreund Rentsyst rentsyst allows Stored XSS. This issue affects Rentsyst: from n/a through <= 2.0.92.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Rentsyst versions up to 2.0.92 are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the Rentsyst installation without the admin's knowledge or consent. The attack affects confidentiality, integrity, and availability of the system.
What an attacker can do
Perform unwanted actions on the site by tricking a logged-in admin into visiting a malicious webpage.
Potential impact on your site
An attacker can modify settings, create accounts, or alter data by exploiting admin sessions without their awareness.
Conditions required to exploit
A logged-in administrator must visit a webpage controlled by the attacker.