The meloniq AppMaps application versions up to 1.1 contain a CSRF vulnerability that enables stored XSS attacks. This means an attacker can trick a user into submitting unauthorized requests that result in malicious scripts being stored and executed within the application context. The vulnerability has a CVSS 3.1 base score of 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. No patch or official remediation guidance is currently available.

Successful exploitation of this vulnerability could allow attackers to execute stored XSS attacks by leveraging CSRF, potentially leading to unauthorized actions performed with the victim's privileges. This can result in partial compromise of confidentiality, integrity, and availability of the affected system or user data. However, no known active exploits have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing CSRF protections such as anti-CSRF tokens and validating user requests where possible. Monitoring for unusual activity related to AppMaps usage is advisable. Avoid clicking on suspicious links that could trigger CSRF attacks.