Louis Wang

**Name of the Vulnerable Software and Affected Versions** phpMyChat version 0.14.6 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the `medium` parameter to endpoints like "start page.css.php" and "style.css.php", or the `From` parameter to "users popupL.php". **Recommendations** For phpMyChat version 0.14.6, consider restricting access to the "start page.css.php" and "style.css.php" endpoints to prevent exploitation via the `medium` parameter. Additionally, restrict the use of the `From` parameter in "users popupL.php" until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.