What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Navegg Navegg Analytics navegg allows Stored XSS. This issue affects Navegg Analytics: from n/a through <= 3.3.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Navegg Analytics versions 3.3.3 and earlier are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in user, performs unwanted actions on the user's behalf within the analytics platform. The attack requires user interaction—the victim must visit the attacker's page while authenticated. Impact is limited to low-level data exposure and modification.
What an attacker can do
Perform actions on behalf of a logged-in user, such as modifying settings or accessing limited data.
Potential impact on your site
Users' analytics accounts could be manipulated without their knowledge if they visit untrusted sites while logged in.
Conditions required to exploit
Victim must be logged into Navegg Analytics and visit an attacker-controlled webpage.