What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form hash-form allows Cross Site Request Forgery.This issue affects Hash Form: from n/a through <= 1.2.8.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in hashthemes Hash Form hash-form allows Cross Site Request Forgery.This issue affects Hash Form: from n/a through <= 1.2.8.
Explanation of Vulnerability in Simple Terms
Hash Form versions up to 1.2.8 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of site visitors. An attacker can craft a malicious link or page that, when visited by a logged-in user, triggers unwanted form submissions or modifications. The vulnerability requires user interaction but does not require authentication.
What an attacker can do
Perform unauthorized form submissions or modifications on behalf of a logged-in site visitor.
Potential impact on your site
Attackers can manipulate form data or trigger unintended actions through your site visitors' accounts without their knowledge.
Conditions required to exploit
A site visitor must click a malicious link or visit an attacker-controlled page while logged into the site.
Key dates
External resources