Description
Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress allows Stored XSS. This issue affects BetPress: from n/a through 1.0.1 Lite.
Problem types
CWE-352 Cross-Site Request Forgery (CSRF)
Product status
Any version
Credits
Nguyen Xuan Chien (Patchstack Alliance)
References
patchstack.com/...csrf-to-stored-xss-vulnerability?_s_id=cve