Eirik Hodne

**Name of the Vulnerable Software and Affected Versions** Drupal Chatroom Module versions prior to 4.7.x-1.0 **Description** The issue allows remote attackers to hijack sessions and gain privileges by broadcasting Chatroom visitors' session IDs to all participants. **Recommendations** For versions prior to 4.7.x-1.0, update to version 4.7.x-1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal Chatroom Module versions prior to 4.7.x-1.0 **Description** The issue allows remote attackers to obtain sensitive information by reading the chatroom's last messages overview, where private messages are improperly displayed. **Recommendations** For versions prior to 4.7.x-1.0, update to version 4.7.x-1.0 or later to resolve the issue.