3 matches found
CVE-2025-63710
The sendmessage.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery CSRF. The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page tha...
CVE-2025-63710
The CVE-2025-63710 entry concerns SourceCodester Simple Public Chat Room 1.0. The send_message.php endpoint is vulnerable to Cross-Site Request Forgery (CSRF) because there are no CSRF protections (tokens, nonces, or same-site cookies). An attacker could lure an authenticated user to a malicious ...
CVE-2023-23911
An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room...