header-logo
Suggest Exploit
vendor:
ChitChat.NET
by:
SecurityFocus
8.8
CVSS
HIGH
HTML Injection
79
CWE
Product Name: ChitChat.NET
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

HTML Injection

Clickcess ChitChat.NET discussion forum software is vulnerable to HTML injection. An attacker can inject malicious HTML and script code into the website by entering malicious code into the Name and Topic Title text boxes. This vulnerability may lead to cookie-based credential theft.

Mitigation:

Upgrade to the latest version of Clickcess ChitChat.NET discussion forum software.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8417/info

It has been reported that a html injection issue exists in the Clickcess ChitChat.NET discussion forum software. The vulnerability is reported to be present in the Name and Topic Title text boxes. The problem may allow a remote attacker to inject malicious HTML and script code into the website.

This vulerability may lead to cookie-based credential theft.

Name: <script>alert(Zone-h1)</script>

Navigation

Suggest Exploit

Services By CQR