What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Cross Site Request Forgery. This issue affects Lenix scss compiler: from n/a through <= 1.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
The Lenix SCSS compiler versions 1.2 and earlier are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a compiler user, performs unwanted actions on their behalf without their knowledge. The vulnerability requires user interaction—the victim must visit the attacker's page while logged into or actively using the compiler.
What an attacker can do
Perform unwanted actions on behalf of a compiler user without their consent.
Potential impact on your site
If this compiler is used in your build pipeline, an attacker could modify compilation settings or outputs without authorization.
Conditions required to exploit
The victim must visit an attacker-controlled webpage while using the compiler.
Key dates
External resources