Published: 15/11/2007 Updated: 15/11/2008

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote malicious users to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x7 group x7 chat 2.0.5
x7 group x7 chat 2.0.4

source: wwwsecurityfocuscom/bid/26417/info X7 Chat is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This ...

source: wwwsecurityfocuscom/bid/26417/info X7 Chat is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This ma ...

CWE-79 http://packetstorm.linuxsecurity.com/0711-exploits/x7-xss.txt http://www.securityfocus.com/bid/26417 http://secunia.com/advisories/27677 http://osvdb.org/38746 http://osvdb.org/38745 https://nvd.nist.gov https://www.exploit-db.com/exploits/30758/

CVE-2007-5982

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect