This vulnerability involves a CSRF flaw in Onlywire Multi Autosubmitter (<=1.2.4) that enables stored XSS attacks. An attacker can exploit the CSRF to trick an authenticated user into submitting malicious requests, resulting in stored XSS payloads being injected and executed within the application context. The CVSS 3.1 vector indicates the attack can be performed remotely without privileges, requires user interaction, and impacts confidentiality, integrity, and availability to a limited extent.

Successful exploitation could allow attackers to execute stored XSS attacks via CSRF, potentially leading to unauthorized actions performed with the victim's privileges, data disclosure, or manipulation within the affected application. The vulnerability impacts confidentiality, integrity, and availability at a low to moderate level as indicated by the CVSS score.

No official patch or remediation guidance is currently available for this vulnerability. Patch status is not yet confirmed — check the vendor advisory or official sources for updates. Until a fix is released, users should consider disabling or restricting access to the affected Onlywire Multi Autosubmitter versions and apply any available workarounds recommended by the vendor.