CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc Mavis HTTPS to HTTP Redirection mavis-https-to-http-redirect allows Stored XSS.This issue affects Mavis HTTPS to HTTP Redirection: from n/a through <= 1.4.3.
Explanation of Vulnerability in Simple Terms
Mavis HTTPS to HTTP Redirection versions 1.4.3 and earlier are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious link or page that, when visited by a site administrator, performs unwanted actions on the site without their knowledge. The vulnerability affects the redirection mechanism and requires user interaction to exploit. Impact is limited to low-severity changes in confidentiality, integrity, and availability.
What an attacker can do
Trick a site admin into performing unwanted actions by visiting a malicious link or page.
Potential impact on your site
Administrators could unknowingly change settings or perform actions via CSRF attacks targeting the redirection feature.
Conditions required to exploit
Site admin must visit attacker-controlled page or click a malicious link while logged in.
Key dates
External resources
Related vulnerabilities
