What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery.This issue affects TrueBooker: from n/a through <= 1.0.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Cross Site Request Forgery.This issue affects TrueBooker: from n/a through <= 1.0.7.
Explanation of Vulnerability in Simple Terms
TrueBooker versions 1.0.7 and earlier are vulnerable to cross-site request forgery (CSRF). An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. The attacker cannot read sensitive data, but can modify site content or settings. A patch version has not been publicly identified.
What an attacker can do
Perform unwanted actions (modify content, change settings) on behalf of a logged-in administrator.
Potential impact on your site
An attacker could alter your site's configuration or content if an admin visits a compromised page.
Conditions required to exploit
Administrator must visit a malicious webpage while logged into TrueBooker.
Key dates
External resources