PT-2019-14881 · Enghouse · Enghouse Web Chat

Published: 2019-11-13 · Updated: 2019-11-15 · CVE-2019-16949

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Enghouse Web Chat versions 6.1.300.31 through 6.2.284.34

Description

A security issue in Enghouse Web Chat allows users to modify a POST request, enabling them to change the message and the recipient's email address. This can be exploited in phishing campaigns targeting users within the same domain.

Recommendations

For versions 6.1.300.31 and 6.2.284.34, restrict access to the email functionality that allows sending chat logs to prevent potential phishing attacks until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the email address field to minimize the risk of exploitation.


Related identifiers: CVE-2019-16949

Affected products: Enghouse Web Chat