What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Loc Bui payOS payos allows Cross Site Request Forgery. This issue affects payOS: from n/a through <= 1.0.73.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Explanation of Vulnerability in Simple Terms
payOS versions up to 1.0.73 are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in payOS user, performs unwanted actions on their behalf without their knowledge. The attack requires the user to visit the attacker's page while authenticated. This can result in unauthorized modifications or service disruption.
What an attacker can do
Perform unwanted actions on a user's payOS account by tricking them into visiting a malicious webpage.
Potential impact on your site
Users' payOS accounts can be compromised to perform unauthorized transactions or configuration changes without their consent.
Conditions required to exploit
User must be logged into payOS and visit an attacker-controlled webpage.