Cross-site Websocket Hijacking (CSWSH)

meshcentral is vulnerable to Cross-site Websocket Hijacking(CSWSH). The vulnerability is due to missing origin checks when using the control.ashx endpoint in MeshCentral. If an attacker can convince an admin end-user to click on a malicious link, they then can access the control.ashx admin…Read More