Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page.
[
{
"vendor": "LIQUID DESIGN Ltd.",
"product": "LIQUID SPEECH BALLOON",
"versions": [
{
"version": "versions prior to 1.2",
"status": "affected"
}
]
}
]