The regen Script Compressor product versions up to 1.7.1 are affected by a CSRF vulnerability that enables stored XSS attacks. This means an attacker can trick an authenticated user into submitting a malicious request that results in persistent script injection. The vulnerability has a CVSS 3.1 base score of 7.1, reflecting network accessibility, low complexity, no privileges required, but requiring user interaction. No patch or official fix information is currently provided, and the product is not a cloud service.

Successful exploitation of this vulnerability can lead to stored XSS, which may allow attackers to execute arbitrary scripts in the context of the affected application, potentially compromising user data and session integrity. The CSRF aspect means attackers can induce authenticated users to perform unwanted actions without their consent. The combined impact includes confidentiality, integrity, and availability losses rated as low to partial (C:L/I:L/A:L).

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch or official fix is available, users should consider implementing CSRF protections such as anti-CSRF tokens and input validation to mitigate risk. Monitoring for suspicious activity related to stored XSS may also help detect exploitation attempts.