The Gaxx Keywords plugin for gaxx versions up to 0.2 is vulnerable to CSRF attacks that enable stored XSS. An attacker can exploit this vulnerability by tricking an authenticated user into submitting a crafted request, which results in malicious script storage and execution within the application context. This vulnerability can lead to partial confidentiality, integrity, and availability impacts as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). No patch or remediation information is currently provided.

Successful exploitation of this vulnerability can lead to stored XSS, allowing attackers to execute arbitrary scripts in the context of the affected application. This can compromise user data confidentiality, integrity, and availability to some extent. The vulnerability requires user interaction but no privileges, and it affects the application's security scope.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the affected plugin version or applying any recommended temporary mitigations from the vendor. Monitoring official sources for updates is advised.