What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in Freshchat (freshchat) allows Cross-Site Request Forgery. This issue affects Freshchat: from n/a through <= 2.3.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
Freshchat versions up to 2.3.4 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unwanted actions on behalf of a logged-in user. The vulnerability requires the victim to visit a malicious webpage while authenticated to Freshchat. An attacker can modify user data or settings, but cannot read sensitive information or disrupt service availability.
What an attacker can do
Perform actions on behalf of a logged-in user, such as modifying account settings or data.
Potential impact on your site
Users' Freshchat accounts and settings can be altered without their knowledge if they visit malicious sites while logged in.
Conditions required to exploit
Victim must be logged into Freshchat and visit an attacker-controlled webpage.