CVE-2004-0678

Name of the Vulnerable Software and Affected Versions 12Planet Chat Server version 2.9

Description The issue concerns cross-site scripting (XSS) in the InfoServlet component. This allows remote attackers to execute arbitrary scripts as other users by manipulating the page parameter in a specific API endpoint.

Recommendations For version 2.9, update the software to a version that includes a fix for this issue, or as a temporary workaround, consider restricting access to the InfoServlet component to minimize the risk of exploitation. Avoid using the page parameter in the affected API endpoint until the issue is resolved.