CSRF Vulnerability in Native Grid LLC's No-Code Page Builder
CVE-2024-24701

4.3MEDIUM

What is CVE-2024-24701?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Native Grid LLC's page builder, impacting versions from an unspecified release to 2.1.20. This issue enables malicious actors to exploit user sessions and perform unauthorized actions on behalf of users without their consent. It poses a significant risk to the integrity of user data and the overall security of the application, emphasizing the need for prompt patching and mitigation strategies.

Affected Version(s)

A no-code page builder for beautiful performance-based content <= 2.1.20

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

emad (Patchstack Alliance)
.