This vulnerability in Navayan Subscribe (<= 1.13) enables CSRF attacks that can result in stored XSS. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability. The vulnerability allows an attacker to trick an authenticated user into submitting a request that stores malicious script code, which could be executed in the context of the victim's browser.

Successful exploitation can lead to stored XSS, which may allow attackers to execute arbitrary scripts in users' browsers, potentially compromising user data, session tokens, or performing actions with the user's privileges. The CSRF aspect means attackers can induce victims to perform unintended actions without their consent. The combined impact affects confidentiality, integrity, and availability at a low level each, as per the CVSS vector.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing CSRF protections such as anti-CSRF tokens and validating request origins. Additionally, applying web application firewalls (WAF) rules that detect and block CSRF and XSS attempts may help mitigate risk.