Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 up to and including 0.11.0 allow remote malicious users to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kadu kadu 0.11.0 |
||
kadu kadu 0.10.0 |
||
kadu kadu 0.9.0 |