This vulnerability in Shamalli Web Directory Free (<= 1.7.6) involves CSRF that enables stored XSS attacks. An attacker could trick an authenticated user into submitting a forged request, which the application processes without proper verification, resulting in malicious script storage and execution. The CVSS 3.1 vector indicates the attack can be performed remotely over the network with low attack complexity, no privileges required, but requires user interaction. The impact includes partial confidentiality, integrity, and availability loss.

Successful exploitation could allow an attacker to execute stored malicious scripts in the context of the victim's browser, potentially leading to session hijacking, data manipulation, or denial of service. The vulnerability affects confidentiality, integrity, and availability to a limited extent as indicated by the CVSS vector. No evidence of active exploitation is currently reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing CSRF protections such as anti-CSRF tokens and validating user requests. Additionally, applying input sanitization to prevent stored XSS may reduce risk. Monitor vendor communications for updates on patches or official mitigations.