PT-2025-46161 · Sourcecodester · Simple Public Chat Room
Published 2025-11-10 · Updated 2025-11-10 · CVE-2025-63710
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SourceCodester Simple Public Chat Room version 1.0
Description
The application implements no CSRF protection: no anti-CSRF token or nonce is bound to its forms, and the session cookie carries no SameSite restriction. An attacker can host a malicious HTML page that, when opened by a user who is logged in to the chat, automatically submits a forged POST request to the 'send message.php' endpoint. Because the browser attaches the victim's session cookie to that cross-site request, the server processes it with the victim's privileges, and the attacker can perform unauthorized actions on the victim's behalf, such as posting arbitrary messages to any chat room. The vulnerable parameter is not specified.
Recommendations
Implement CSRF protection on every state-changing endpoint: bind an unpredictable per-session (synchronizer) token or nonce to each form and reject any request whose token is missing or does not match the server-side value; set the SameSite attribute (Lax or Strict) on the session cookie so the browser does not attach it to cross-site POST requests; and, as an additional check, verify that the Origin (or Referer) header matches the application's own origin.
Weakness Enumeration
CSRF (CWE-352: Cross-Site Request Forgery)
Affected Products
Simple Public Chat Room