CVE-2019-16949

Published: Nov 13, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail address). This POST request can be modified to change the message as well as the end recipient of the message. The e-mail address will have the same domain name and user as the product allotted. This can be used in phishing campaigns against users on the same domain.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://mjlanders.com/2019/11/07/multiple-vulnerabilities-found-in-enghouse-zeacom-web-chat/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-16949

Description

Affected Products

References