High
CVSS 7.1
Overview
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote Images allows Stored XSS. This issue affects Import CDN-Remote Images: from n/a through 2.1.2.
CVE-2025-48153
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au Import CDN-Remote I...
Risk analysis
This vulnerability is rated 🟠 HIGH.
- CVSS: 7.1 (HIGH)
- Detected tags: csrf, stored_xss, xss (tag impact: MODERATE)
Recommended actions:
- CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.
- Sanitize stored input and enforce CSP.
- Apply context-aware output encoding.
- Enable Content-Security-Policy and HttpOnly/SameSite cookies.