What the vulnerability does
01Description
Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
What the vulnerability does
Subscriber Sensitive Data Exposure in Chatway Live Chat – AI Chatbot, Customer Support, FAQ & Helpdesk Customer Service & Chat Buttons <= 1.4.8 versions.
Explanation of Vulnerability in Simple Terms
Chatway Live Chat versions up to 1.4.8 contain an information disclosure vulnerability affecting multiple security domains. An attacker with low-level privileges can access sensitive data across the application scope, including confidential information, modify certain data, and potentially disrupt service availability. The vulnerability requires network access but no user interaction.
What an attacker can do
Read sensitive data, modify information, and disrupt service availability across the application.
Potential impact on your site
Users' data may be exposed or altered; service availability could be affected by authenticated attackers.
Conditions required to exploit
Attacker must have low-level user account access; no user interaction required.
Key dates
External resources
Related vulnerabilities