vendor:
Instant Messenger
by:
SecurityFocus
7.5
CVSS
HIGH
HTML Injection and Denial of Service
79
CWE
Product Name: Instant Messenger
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004
Gadu-Gadu Multiple Remote Vulnerabilities
Multiple remote vulnerabilities reportedly affect Gadu-Gadu instant messenger. It supports the DCC (Direct Client Connection) protocol, facilitating the transfer of files and messages between users. The input validation issue is an HTML injection vulnerability in the instant messaging system. The denial of service vulnerability is due to a bug in the image handling code of the affected application. An attacker may leverage these issues to carry out HTML injection attacks, potentially stealing sensitive information, and to carry out denial of service attacks, denying legitimate users of access to the affected software.
Mitigation:
Input validation should be performed to ensure that user-supplied data is properly sanitized. Additionally, the application should be kept up to date with the latest security patches.
