What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress betpress allows Stored XSS. This issue affects BetPress: from n/a through <= 1.0.1 Lite.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
BetPress versions up to 1.0.1 Lite contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of site visitors. An attacker can craft a malicious link or page that, when visited by a logged-in user, executes unwanted requests against the site. This can lead to data modification, unauthorized changes, or other malicious actions depending on what the user is authorized to do.
What an attacker can do
Perform unauthorized actions on the site by tricking a logged-in user into visiting a malicious page.
Potential impact on your site
Attackers can modify site data, change settings, or perform other actions as the victim user without their knowledge.
Conditions required to exploit
A site visitor must be logged in and click a malicious link or visit an attacker-controlled page.