What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in raychat Raychat raychat allows Cross Site Request Forgery.This issue affects Raychat: from n/a through <= 2.2.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in raychat Raychat raychat allows Cross Site Request Forgery.This issue affects Raychat: from n/a through <= 2.2.1.
Explanation of Vulnerability in Simple Terms
Raychat versions up to 2.2.1 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unwanted actions on behalf of an authenticated user. The vulnerability requires the user to visit a malicious webpage while logged into Raychat. An attacker can modify user data or settings, but cannot read sensitive information or disrupt service availability.
What an attacker can do
Perform actions on behalf of a logged-in user, such as changing settings or modifying data.
Potential impact on your site
Users' Raychat accounts can be manipulated without their knowledge if they visit untrusted sites while logged in.
Conditions required to exploit
User must be logged into Raychat and visit an attacker-controlled webpage.
Key dates
External resources