CVE-2020-37106 Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request to the user creation endpoint with...