Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote malicious users to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
x7 group x7 chat 2.0.5 |
||
x7 group x7 chat 2.0.4 |