CVE-2019-13930

Name of the Vulnerable Software and Affected Versions XHQ versions prior to 6.0.0.2

Description A security issue has been identified that could allow a Cross-Site Request Forgery (CSRF) attack if a user is tricked into accessing a malicious link. To be successful, the attack requires interaction from a legitimate user who is authenticated to the web interface. If exploited, an attacker could trigger actions via the web interface that the legitimate user is allowed to perform, potentially allowing the attacker to read or modify the contents of the web application. At the time of publication, no public exploitation of this issue was known.

Recommendations For versions prior to 6.0.0.2, update to version 6.0.0.2 or later to resolve the issue. As a temporary workaround, consider implementing additional authentication steps or validating requests to prevent unauthorized actions via the web interface. Restrict access to the web interface to minimize the risk of exploitation.