Qu0Kk4

**Name of the Vulnerable Software and Affected Versions** Talishar versions prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48 **Description** The Talishar application does not have Cross-Site Request Forgery (CSRF) protections on critical endpoints that change application state. Specifically, the `SubmitChat.php` file and other game interaction handlers are affected. This allows malicious websites to forge requests on behalf of authenticated users, potentially leading to unauthorized actions within active game sessions. An attacker would need to know the `gameName` and `playerID` of the player, and the player would need to be browsing the malicious website while playing a game. **Recommendations** Update to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48 or later.