What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in ERA404 LinkedInclude linkedinclude allows Stored XSS. This issue affects LinkedInclude: from n/a through <= 3.0.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
LinkedInclude versions up to 3.0.4 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of site visitors. The vulnerability requires user interaction—typically clicking a malicious link or visiting a compromised page. Successful exploitation can result in unauthorized changes to site data or configuration.
What an attacker can do
Perform unauthorized actions on the site by tricking a visitor into clicking a malicious link.
Potential impact on your site
Attackers can modify site settings or data without your knowledge if a logged-in user visits a malicious page.
Conditions required to exploit
Victim must click a link or visit a page controlled by the attacker while logged into the site.