CVE-2019-13633

Name of the Vulnerable Software and Affected Versions: Blinger.io version 1.0.2519

Description: The issue allows an attacker to send arbitrary JavaScript code via various communication channels, including Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This code is mishandled within the administration panel, specifically in the conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed sections.

Recommendations: For Blinger.io version 1.0.2519, as a temporary workaround, consider restricting access to the administration panel's conversation sections until a patch is available. Avoid using the built-in communication channels for sensitive conversations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.