CVE-2020-37106 — Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form — CVE Database · The Intelligence Room