header-logo
Suggest Exploit
vendor:
ChitChat.NET
by:
SecurityFocus
7.5
CVSS
HIGH
HTML Injection
79
CWE
Product Name: ChitChat.NET
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Clickcess ChitChat.NET HTML Injection Vulnerability

It has been reported that a html injection issue exists in the Clickcess ChitChat.NET discussion forum software. The vulnerability is reported to be present in the Name and Topic Title text boxes. The problem may allow a remote attacker to inject malicious HTML and script code into the website, which may lead to cookie-based credential theft.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized and filtered.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8417/info
 
It has been reported that a html injection issue exists in the Clickcess ChitChat.NET discussion forum software. The vulnerability is reported to be present in the Name and Topic Title text boxes. The problem may allow a remote attacker to inject malicious HTML and script code into the website.
 
This vulerability may lead to cookie-based credential theft.

Topic title: <script>alert(Zone-h)</script>

Navigation

Suggest Exploit

Services By CQR