What the vulnerability does
Description
Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat xelion-webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through <= 9.1.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Xelion Webchat versions 9.1.0 and earlier contain an improper access control vulnerability. An authenticated user with low privileges can read, modify, or delete sensitive data and disrupt service availability. The vulnerability requires valid login credentials but no additional user interaction. Organizations running affected versions should update immediately.
What an attacker can do
Read, modify, or delete sensitive data; disrupt service availability.
Potential impact on your site
Authenticated users can access and alter data beyond their intended permissions, risking data loss and service disruption.
Conditions required to exploit
Valid login credentials with low-level user privileges.