What the vulnerability does
Description
Unauthenticated Cross Site Request Forgery (CSRF) in ProfileGrid <= 5.9.9.7 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
ProfileGrid versions up to 5.9.9.7 contain a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator or user, executes unwanted operations without their knowledge or consent. This affects confidentiality, integrity, and availability of the site.
What an attacker can do
Perform unauthorized actions on behalf of a logged-in user, such as modifying settings, creating accounts, or deleting data.
Potential impact on your site
Administrators and users can be tricked into performing harmful actions; attackers may modify site configuration, user data, or content without direct access.
Conditions required to exploit
A logged-in site user must visit a malicious link or page controlled by the attacker.