The Maeve Lander PayPal Responder product contains a CSRF vulnerability (CWE-352) that enables stored XSS attacks. This affects versions up to 1.2. The vulnerability allows attackers to trick authenticated users into submitting unauthorized requests, which can result in persistent malicious scripts being stored and executed in the context of the application. The CVSS 3.1 base score is 7.1, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability can lead to stored XSS, which may allow attackers to execute arbitrary scripts in the context of the victim's browser session. This can compromise user data confidentiality, integrity, and availability of the affected application. The vulnerability can be triggered remotely over the network without privileges but requires user interaction.

No official patch or remediation is currently available for this vulnerability. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is released, users should consider implementing CSRF protections such as anti-CSRF tokens and validating request origins where possible. Monitor vendor communications for updates.