This vulnerability in Elise Bosse Frontpage Manager (up to version 1.3) is classified as CWE-352, Cross-Site Request Forgery. It allows an attacker to induce an authenticated user to perform actions without their consent, leveraging the user's privileges. The CVSS 3.1 base score is 5.4, with network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality impact, low integrity impact, and low availability impact. No patch or official remediation level has been disclosed by the vendor as of the publication date.

Successful exploitation could lead to unauthorized actions being performed on behalf of an authenticated user, resulting in limited integrity and availability impacts. Confidentiality is not affected. The vulnerability requires user interaction and no privileges, making exploitation possible but not trivial. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing CSRF protections such as validating anti-CSRF tokens, restricting actions to POST requests, and educating users about the risks of clicking untrusted links while authenticated. Monitor vendor channels for updates and apply patches promptly once released.