This vulnerability in MartijnScheijbeler Social Analytics allows an attacker to exploit a CSRF flaw to inject stored XSS payloads. The affected versions are from initial releases through 0.2. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability. No vendor advisory or patch information is provided, and the product is not a cloud service.

Successful exploitation could allow an attacker to execute persistent malicious scripts in the context of users of the Social Analytics application, potentially leading to session hijacking, data theft, or other client-side impacts. The CSRF vector means attackers can induce users to perform unwanted actions without their consent. The overall impact is rated high due to the combination of CSRF and stored XSS.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider implementing CSRF protections such as anti-CSRF tokens and input sanitization to mitigate stored XSS risks. Monitoring vendor channels for updates is recommended.