What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Casengo Casengo Live Chat Support (the-casengo-chat-widget) allows Stored XSS. This issue affects Casengo Live Chat Support: from n/a through <= 2.1.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Casengo Live Chat Support versions up to 2.1.4 are vulnerable to cross-site request forgery (CSRF) attacks. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions on the Casengo installation without the admin's knowledge. The vulnerability affects confidentiality, integrity, and availability of the chat system.
What an attacker can do
Perform unwanted actions on the Casengo chat system by tricking a logged-in admin into visiting a malicious webpage.
Potential impact on your site
An attacker can modify chat settings, access user data, or disrupt service by exploiting admin sessions without their knowledge.
Conditions required to exploit
A site admin must be logged into Casengo and visit an attacker-controlled webpage while their session is active.