EPSS: 0.001 (Low)
EPSS Percentile: 30.0%
A CSRF issue was found in the audit configuration under settings. No CSRF token validation is performed on the server side: if the CSRF token is removed and the CSRF token field is left empty, the action is still performed.
github.com/livehelperchat/livehelperchat
github.com/livehelperchat/livehelperchat/commit/f59ffb02984c0ce2fbb19ac39365066507de9370
huntr.dev/bounties/635d0abf-7680-47f6-a277-d9a91471c73f
nvd.nist.gov/vuln/detail/CVE-2022-0226