Apr 18, 2022
1172
Security fixes:
- Fixed vulnerabilities where
- html injection was possible in authentication emails by spoofing IP address header
- html injection was possible in agent/visitor transcript emails by spoofing visitor name.
- Exe files were accepted as attachment during chat due to weak file type validation
Other minor updates:
- Started showing warnings in the agent chat window and transcripts section for attachments with potentially dangerous file types.