This vulnerability in Hotlink2Watermark (<= 0.3.2) allows an attacker to exploit CSRF to cause stored XSS attacks. The CVSS vector indicates the attack can be performed remotely over the network with low attack complexity and no privileges required, but user interaction is needed. The vulnerability impacts confidentiality, integrity, and availability to a limited extent. No patch or vendor advisory is currently available, and the product is not a cloud service.

Successful exploitation could allow an attacker to execute stored XSS via CSRF, potentially leading to unauthorized actions performed in the context of an authenticated user. This can compromise user data confidentiality and integrity and may affect availability. The CVSS score of 7.1 reflects a high severity impact with partial loss of confidentiality, integrity, and availability.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing CSRF protections such as verifying anti-CSRF tokens and restricting actions to authenticated and authorized users. Monitoring for suspicious activity related to stored XSS may also help mitigate risk.