What the vulnerability does
01Description
Missing Authorization vulnerability in Chatwee Chat by Chatwee chatwee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat by Chatwee: from n/a through <= 2.1.3.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in Chatwee Chat by Chatwee chatwee allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat by Chatwee: from n/a through <= 2.1.3.
Explanation of Vulnerability in Simple Terms
Chat by Chatwee versions 2.1.3 and earlier lack proper authorization checks, allowing authenticated users to modify chat data or settings they should not have access to. An attacker with a low-privilege account can escalate their capabilities within the chat system. The vulnerability requires an existing user account but no additional user interaction.
What an attacker can do
Modify chat data or settings beyond their assigned permissions using a low-privilege account.
Potential impact on your site
Unauthorized users may alter chat content, settings, or configurations, compromising chat integrity and user trust.
Conditions required to exploit
Attacker must have a valid user account on the site; no special privileges or user interaction required.
Key dates
External resources