What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in awcode AWcode Toolkit awcode-toolkit allows Stored XSS. This issue affects AWcode Toolkit: from n/a through <= 1.0.18.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
AWcode Toolkit versions up to 1.0.18 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of site visitors. The vulnerability requires user interaction—typically clicking a malicious link or visiting a compromised page. Successful exploitation can result in unauthorized changes to site data or settings.
What an attacker can do
Perform unauthorized actions on the site by tricking a visitor into clicking a malicious link.
Potential impact on your site
Visitors' accounts could be used to modify site content, settings, or data without their knowledge.
Conditions required to exploit
Victim must click a link or visit a page controlled by the attacker while logged into the site.