The AWcode Toolkit contains a CSRF vulnerability that can be exploited to inject stored XSS payloads. This affects versions up to 1.0.18. The vulnerability allows attackers to trick authenticated users into submitting unauthorized requests, which can result in persistent script injection. The CVSS 3.1 vector indicates the attack can be performed remotely over the network without privileges but requires user interaction. The vulnerability impacts confidentiality, integrity, and availability at a low to medium level. No patch or official remediation guidance has been provided yet.

Successful exploitation could allow attackers to execute stored XSS attacks via CSRF, potentially leading to session hijacking, data manipulation, or denial of service. The impact affects confidentiality, integrity, and availability, but the exact consequences depend on the context of the stored XSS and the victim's interaction. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should consider implementing CSRF protections such as anti-CSRF tokens and validating user requests. Additionally, applying Content Security Policy (CSP) headers may help mitigate the impact of stored XSS. Monitor official vendor channels for updates and patches.