Vendor: phpMyChat
By: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 79 (Cross-Site Scripting (XSS))
Product Name: phpMyChat
Affected Version From: 0.14.5
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2005-0528
CPE: a:phpmychat:phpmychat:0.14.5
Metasploit:
Other Scripts:
Platforms Tested: Unknown

phpMyChat Multiple Cross-Site Scripting Vulnerabilities

Multiple cross-site scripting vulnerabilities in phpMyChat allow remote attackers to inject arbitrary web script or HTML via the (1) medium parameter to style.css.php or the (2) FontName parameter.

Mitigation:

No official patch is available. Avoid user-supplied input in URLs.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15679/info
 
phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
 
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
 
phpMyChat 0.14.5 is vulnerable; other versions may also be affected.

http://www.example.com/phpmychat/chat/config/style.css.php?medium=><script>alert(29837274289742472);</script>&FontName=1
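
With no official patch, one defensive option is to watch web server logs for requests to style.css.php whose medium or FontName values fall outside what a stylesheet would plausibly need. The following is an added example, not code from the advisory or from phpMyChat; the allowlist pattern, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_SCRIPT = "style.css.php"          # script named in the advisory
WATCHED_PARAMS = ("medium", "FontName")  # parameters named in the advisory
# Assumption: legitimate style values are short font names or sizes.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 ,._-]{0,64}")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(uri):
    """Return watched parameters whose decoded values fail the allowlist."""
    parts = urlsplit(uri)
    if "/" + TARGET_SCRIPT not in parts.path:
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes
    return [name for name in WATCHED_PARAMS
            if any(not SAFE_VALUE.fullmatch(v) for v in query.get(name, []))]

def scan(log_lines):
    """Return (line_number, flagged_parameters) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        flagged = suspicious_params(match.group(1)) if match else []
        if flagged:
            hits.append((number, flagged))
    return hits

# Constructed sample lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2005:10:00:00 +0000] "GET /phpmychat/chat/config/'
    'style.css.php?medium=10&FontName=Verdana HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Dec/2005:10:00:05 +0000] "GET /phpmychat/chat/config/'
    'style.css.php?medium=%3E%3Cscript%3Ealert(1)%3C/script%3E&FontName=1 '
    'HTTP/1.1" 200 540',
    '192.0.2.12 - - [01/Dec/2005:10:00:09 +0000] "GET /phpmychat/chat/'
    'index.php?medium=%3Cb%3E HTTP/1.1" 200 100',
    '192.0.2.13 - - [01/Dec/2005:10:00:12 +0000] "GET /phpmychat/chat/config/'
    'style.css.php?medium=10&FontName=Arial%22%3E%3Cimg HTTP/1.1" 200 530',
]

if __name__ == "__main__":
    for number, flagged in scan(SAMPLE_LOG):
        print(f"line {number}: non-allowlisted value in {', '.join(flagged)}")
```

The same allowlist check can be applied as a request filter in front of the application; tighten `SAFE_VALUE` to the values your deployment actually uses.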