What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in felixtz Modern Polls modern-polls allows Stored XSS. This issue affects Modern Polls: from n/a through <= 1.0.10.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Modern Polls versions 1.0.10 and earlier are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions such as creating, modifying, or deleting polls without the administrator's knowledge or consent. The vulnerability affects the poll management functionality and can impact site integrity.
What an attacker can do
Trick a logged-in admin into performing unwanted poll actions (create, modify, delete) via a malicious webpage.
Potential impact on your site
Polls can be created, modified, or deleted without admin authorization if an admin visits a malicious link.
Conditions required to exploit
Admin must visit attacker's webpage while logged into the site. No special privileges or authentication required from attacker.
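Because exploitation requires a logged-in admin's browser to submit a request that originates on the attacker's page, one place to look for it is the web server access log. The following is an added example, not code from the plugin or the advisory: it flags POST requests into `/wp-admin/` whose Referer is another origin. The hostname `blog.example`, the `page=polls` path and all log lines are constructed assumptions, and the log is assumed to be in Combined Log Format.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "blog.example"  # assumption: the WordPress site's own hostname

# Combined Log Format: ip - user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line, site_host=SITE_HOST):
    """Return None for irrelevant lines, else (verdict, path, referer_host)."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST" or not m["path"].startswith("/wp-admin/"):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        # A Referrer-Policy can strip the header, so the log alone cannot decide.
        return ("no-referer", m["path"], None)
    # Compare the parsed hostname exactly; a substring test would accept
    # look-alike hosts such as blog.example.evil.example.
    host = (urlsplit(referer).hostname or "").lower()
    return ("same-site" if host == site_host else "cross-site", m["path"], host)

def suspicious(lines, site_host=SITE_HOST):
    """Cross-site POSTs into wp-admin: candidates for forged admin requests."""
    results = (classify(line, site_host) for line in lines)
    return [r for r in results if r and r[0] == "cross-site"]

# Constructed sample lines (documentation IP range, placeholder hosts).
_P = '203.0.113.7 - - [10/Jan/2025:10:00:0%d +0000] "%s HTTP/1.1" 302 0 "%s" "Mozilla/5.0"'
SAMPLE_LOG = [
    _P % (1, "POST /wp-admin/admin.php?page=polls", "https://blog.example/wp-admin/admin.php?page=polls"),
    _P % (2, "POST /wp-admin/admin.php?page=polls", "https://evil.example/lure.html"),
    _P % (3, "POST /wp-admin/admin.php?page=polls", "https://blog.example.evil.example/"),
    _P % (4, "GET /wp-admin/", "https://evil.example/lure.html"),
    _P % (5, "POST /wp-admin/admin-ajax.php", "-"),
    _P % (6, "POST /wp-comments-post.php", "https://evil.example/lure.html"),
]

if __name__ == "__main__":
    for verdict, path, host in suspicious(SAMPLE_LOG):
        print(verdict, path, host)
```

A hit is a lead to correlate with poll changes around the same timestamp, not proof of exploitation; requests logged without a Referer need the same correlation.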