CVE-2007-6297 (PHPMyChat) |
|
| BugsAlert Home > CVE-2007-6297 (PHPMyChat) | |
|
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.c... Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6297 Learn more about CVE-2007-6297 (PHPMyChat) |
|
| Tags: cve-2007-6297 phpmychat | |
Related Items |
|
|
FrSIRT - IBM DB2 Universal Database Multiple Denial of Service Vulnerabilities
|
|
|
CVE-2008-0876 (SEWB3 PLATFORM, SEWB3 MI-PLATFORM)
|
|
|
Debian: New python-dns package fixes regression
|
|
|
Bugtraq: [ GLSA 200802-05 ] Gnumeric: User-assisted execution of arbitrary code
|
|
|
CVE-2008-1146 (Financials Server, Directory Pro, Darwin)
|
|
|
Debian Security Update Fixes HPLIP Command Injection Vulnerbility
|
|
|
CVE-2008-2635 (bitkinex)
|
|
