This vulnerability in Hacklog Remote Attachment (<= 1.3.2) allows an attacker to exploit a CSRF weakness to inject stored XSS payloads. The CVSS 3.1 vector indicates the attack can be performed remotely over the network without privileges, requires user interaction, and impacts confidentiality, integrity, and availability to a low to moderate degree. The vulnerability is confirmed by Patchstack and enriched by CISA, but no patch or mitigation details are provided in the available data.

Successful exploitation can lead to stored cross-site scripting attacks, which may allow attackers to execute arbitrary scripts in the context of the affected application, potentially compromising user data and application integrity. The CVSS score of 7.1 reflects a high severity impact on confidentiality, integrity, and availability. However, no known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or restricting the use of the affected Hacklog Remote Attachment plugin to reduce risk. Monitor vendor channels for updates and apply patches promptly once released.