CVE-2006-2282

Name of the Vulnerable Software and Affected Versions X7 Chat versions 2.0.2 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar. This is possibly related to the avatar parameter in the register.php file.

Recommendations For versions 2.0.2 and earlier, as a temporary workaround, consider restricting access to the register.php file or disabling the avatar parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.