← back
CVE-2007-6297

CVE-2007-6297

EPSS 1.5%
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/30847unverifiedexploitdbwww.exploit-db.com/exploits/30846unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/3426http://www.securityfocus.com/archive/1/484575/100/0/threadedhttp://www.securityfocus.com/bid/26698